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Notice 

While reasonable efforts have been made to ensure that the 
information in this document is complete and accurate at the time of 
printing, Avaya assumes no liability for any errors. Avaya reserves the 
right to make changes and corrections to the information in this 
document without the obligation to notify any person or organization of 
such changes. 

Documentation disclaimer 

“Documentation” means information published by Avaya in varying 
mediums which may include product information, operating instructions 
and performance specifications that Avaya generally makes available 
to users of its products. Documentation does not include marketing 
materials. Avaya shall not be responsible for any modifications, 
additions, or deletions to the original published version of 
documentation unless such modifications, additions, or deletions were 
performed by Avaya. End User agrees to indemnify and hold harmless 
Avaya, Avaya's agents, servants and employees against all claims, 
lawsuits, demands and judgments arising out of, or in connection with, 
subsequent modifications, additions or deletions to this documentation, 
to the extent made by End User. 

Link disclaimer 

Avaya is not responsible for the contents or reliability of any linked 
websites referenced within this site or documentation provided by 
Avaya. Avaya is not responsible for the accuracy of any information, 
statement or content provided on these sites and does not necessarily 
endorse the products, services, or information described or offered 
within them. Avaya does not guarantee that these links will work all the 
time and has no control over the availability of the linked pages. 

Warranty 

Avaya provides a limited warranty on its hardware and Software 
(“Produces)”). Refer to your sales agreement to establish the terms of 
the limited warranty. In addition, Avaya’s standard warranty language, 
as well as information regarding support for this Product while under 
warranty is available to Avaya customers and other parties through the 
Avaya Support website: http://supDort.avava.com . Please note that if 
you acquired the Product(s) from an authorized Avaya Channel Partner 
outside of the United States and Canada, the warranty is provided to 
you by said Avaya Channel Partner and not by Avaya. “Software” 
means computer programs in object code, provided by Avaya or an 
Avaya Channel Partner, whether as stand-alone products or pre¬ 
installed on hardware products, and any upgrades, updates, bug fixes, 
or modified versions. 

Licenses 

THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA 
WEBSITE, http://SUPPORT.AVAYA.COM/LICENSEINFO ARE 
APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR 
INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., 
ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA CHANNEL 
PARTNER (AS APPLICABLE) UNDER A COMMERCIAL 
AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA 
CHANNEL PARTNER. UNLESS OTHERWISE AGREED TO BY 
AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF 
THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN 
AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED 
AVAYA CHANNEL PARTNER; AVAYA RESERVES THE RIGHT TO 
TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING 
OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY 
INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR 
AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF 
YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, 
DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER 
REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), 
AGREE TO THESE TERMS AND CONDITIONS AND CREATE A 


BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE 
APPLICABLE AVAYA AFFILIATE (“AVAYA”). 

Avaya grants you a license within the scope of the license types 
described below, for which the scope of the license is detailed below. 
Where the order documentation does not expressly identify a license 
type, the applicable license will be a Designated System License. The 
applicable number of licenses and units of capacity for which the 
license is granted will be one (1), unless a different number of licenses 
or units of capacity is specified in the documentation or other materials 
available to you. “Designated Processor” means a single stand-alone 
computing device. “Server” means a Designated Processor that hosts 
a software application to be accessed by multiple users. 

License types 

Designated System(s) License (DS). End User may install and use 
each copy of the Software only on a number of Designated Processors 
up to the number indicated in the order. Avaya may require the 
Designated Processor(s) to be identified in the order by type, serial 
number, feature key, location or other specific designation, or to be 
provided by End User to Avaya through electronic means established 
by Avaya specifically for this purpose. 

Concurrent User License (CU). End User may install and use the 
Software on multiple Designated Processors or one or more Servers, 
so long as only the licensed number of Units are accessing and using 
the Software at any given time. A “Unit” means the unit on which Avaya, 
at its sole discretion, bases the pricing of its licenses and can be, 
without limitation, an agent, port or user, an e-mail or voice mail account 
in the name of a person or corporate function (e.g., webmaster or 
helpdesk), or a directory entry in the administrative database utilized 
by the Software that permits one user to interface with the Software. 
Units may be linked to a specific, identified Server. 

Database License (DL). End User may install and use each copy of the 
Software on one Server or on multiple Servers provided that each of 
the Servers on which the Software is installed communicates with no 
more than a single instance of the same database. 

CPU License (CP). End User may install and use each copy of the 
Software on a number of Servers up to the number indicated in the 
order provided that the performance capacity of the Server(s) does not 
exceed the performance capacity specified for the Software. End User 
may not re-install or operate the Software on Server(s) with a larger 
performance capacity without Avaya’s prior consent and payment of an 
upgrade fee. 

Named User License (NU). You may: (i) install and use the Software 
on a single Designated Processor or Server per authorized Named 
User (defined below); or (ii) install and use the Software on a Server so 
long as only authorized Named Users access and use the Software. 
“Named User”, means a user or device that has been expressly 
authorized by Avaya to access and use the Software. At Avaya’s sole 
discretion, a “Named User” may be, without limitation, designated by 
name, corporate function (e.g., webmaster or helpdesk), an e-mail or 
voice mail account in the name of a person or corporate function, or a 
directory entry in the administrative database utilized by the Software 
that permits one user to interface with the Software. 

Shrinkwrap License (SR). You may install and use the Software in 
accordance with the terms and conditions of the applicable license 
agreements, such as “shrinkwrap” or “clickthrough” license 
accompanying or applicable to the Software (“Shrinkwrap License”). 

Heritage Nortel Software 

“Heritage Nortel Software” means the software that was acquired by 
Avaya as part of its purchase of the Nortel Enterprise Solutions 
Business in December 2009. The Heritage Nortel Software currently 
available for license from Avaya is the software contained within the list 
of Heritage Nortel Products located at http://support.avava.com/ 
Licenselnfo under the link “Heritage Nortel Products”. For Heritage 
Nortel Software, Avaya grants Customer a license to use Heritage 
Nortel Software provided hereunder solely to the extent of the 
authorized activation or authorized usage level, solely for the purpose 
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specified in the Documentation, and solely as embedded in, for 
execution on, or (in the event the applicable Documentation permits 
installation on non-Avaya equipment) for communication with Avaya 
equipment. Charges for Heritage Nortel Software may be based on 
extent of activation or use authorized as specified in an order or invoice. 

Copyright 

Except where expressly stated otherwise, no use should be made of 
materials on this site, the Documentation, Software, or hardware 
provided by Avaya. All content on this site, the documentation and the 
Product provided by Avaya including the selection, arrangement and 
design of the content is owned either by Avaya or its licensors and is 
protected by copyright and other intellectual property laws including the 
sui generis rights relating to the protection of databases. You may not 
modify, copy, reproduce, republish, upload, post, transmit or distribute 
in any way any content, in whole or in part, including any code and 
software unless expressly authorized by Avaya. Unauthorized 
reproduction, transmission, dissemination, storage, and or use without 
the express written consent of Avaya can be a criminal, as well as a 
civil offense under the applicable law. 

Virtualization 

Each virtual appliance has its own ordering code. Note that each 
instance of a virtual appliance must be ordered separately. If the end- 
user customer or Business Partner wants to install two of the same type 
of virtual appliances, then two virtual appliances of that type must be 
ordered. 

Third Party Components 

“Third Party Components” mean certain software programs or portions 
thereof included in the Software that may contain software (including 
open source software) distributed under third party agreements (“Third 
Party Components”), which contain terms regarding the rights to use 
certain portions of the Software (“Third Party Terms”). Information 
regarding distributed Linux OS source code (for those Products that 
have distributed Linux OS source code) and identifying the copyright 
holders of the Third Party Components and the Third Party Terms that 
apply is available in the Documentation or on Avaya’s website at: http:// 
support.avava.com/Copvright . You agree to the Third Party Terms for 
any such Third Party Components. 

Certain software programs or portions thereof included in the Product 
are open-source products. The Open Source license file, 
OpenSourceLicense.txt, is available in the Licenses folder on the 
Presence Services server: /Licenses/OpenSourceLicense.txt 

Preventing Toll Fraud 

“Toll Fraud” is the unauthorized use of your telecommunications 
system by an unauthorized party (for example, a person who is not a 
corporate employee, agent, subcontractor, or is not working on your 
company's behalf). Be aware that there can be a risk of Toll Fraud 
associated with your system and that, if Toll Fraud occurs, it can result 
in substantial additional charges for your telecommunications services. 

Avaya Toll Fraud intervention 

If you suspect that you are being victimized by Toll Fraud and you need 
technical assistance or support, call Technical Service Center Toll 
Fraud Intervention Hotline at +1-800-643-2353 for the United States 
and Canada. For additional support telephone numbers, see the Avaya 
Support website: http://support.avava.com . Suspected security 
vulnerabilities with Avaya products should be reported to Avaya by 
sending mail to: securityalerts@avaya.com. 

Trademarks 

The trademarks, logos and service marks ("Marks”) displayed in this 
site, the Documentation and Product(s) provided by Avaya are the 
registered or unregistered Marks of Avaya, its affiliates, or other third 
parties. Users are not permitted to use such Marks without prior written 
consent from Avaya or such third party which may own the Mark. 
Nothing contained in this site, the Documentation and Product(s) 
should be construed as granting, by implication, estoppel, or otherwise, 


any license or right in and to the Marks without the express written 
permission of Avaya or the applicable third party. 

Avaya and one-X are registered trademarks and Avaya Aura is a 
trademark of Avaya, Inc. 

All non-Avaya trademarks are the property of their respective owners. 
Linux® is the registered trademark of Linus Torvalds in the U.S. and 
other countries. 

Downloading Documentation 

For the most current versions of Documentation, see the Avaya 
Support website: http://support.avava.com . 

Contact Avaya Support 

See the Avaya Support website: http://support.avava.com for product 
notices and articles, or to report a problem with your Avaya product. 
For a list of support telephone numbers and contact addresses, go to 
the Avaya Support website: http://support.avava.com , scroll to the 
bottom of the page, and select Contact Avaya Support. 
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Chapter 1 


Introduction to Presence 
Services 


New in this release 

• Presence Services 6.2 supports up to 10,000 H.323 users and/or SIP users per node and 
up to 50,000 H.323 and /or SIP users in a five-node cluster. For the H.323 and SIP users, 
Presence Services 6.2 supports an average of 25 buddies per user with a maximum limit 
of 150 buddies per list. 

• Presence Services 6.2 supports Avaya Common Servers, Dell™ PowerEdge™ R620 and 
HP ProLiant DL360p G8 servers. 

• Presence Services 6.2 supports Microsoft Exchange Calendar Collector. 

• Presence Services 6.2 supports Simple Authentication & Security Layer (SASL). 

• Presence Services 6.2 enhances Access Control Lists. 

• Presence Services 6.2 supports Inter-Tenant Communication Control. For more 
information about Inter-Tenant Communication Control, see the Administering Avaya 
Aura® System Manager guide. 

Presence Services 6.2 supports VE Compatibility with vSphere 5.1. 

• Presence Services 6.2 supports VE Footprint Flexibility for IK, 2.4K, 5K, and 10K line 
size. 

Presence Services 6.2 failover improvements. 
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Key features of Presence Services 

Some of the key features of Presence Services include: 

• Incorporates the Presence Model which uses a set of complex rules engaged in an 
algorithm to arrive at an aggregated presence for a user. 

• Ability to support several protocols, such as SIP/SIMPLE and XMPP protocols. Enables 
it to aggregate and federate presence with most major IM and messaging solutions, as 
well as a number of user productivity tools. 

• Incorporates an architectural design that improves network traffic management. Using 
server-to-server updates, Presence Services efficiently collects and publishes presence 
information, reducing traffic on the network. 


Overview 

Presence is an indication of the availability of an individual at a point in time and readiness to 
communicate across a set of services, such as telephony and instant messaging. The 
presence or availability of a person is indicated by states like Busy and Away. These states 
indicate the availability of the individual to communicate with other users at that point in 
time. 

Presentity refers to the visibility of a person on a shared communication network. The persons 
who are a part of the presentity group have access to the presence status of another person 
while reflecting their own active status. They are referred to as Watchers. To receive presence 
updates for a given presentity, a watcher must subscribe to the feature or service. 

Presence Services is a single point of reference where different Presence entities collect. It 
supports Presence information gathered from a diverse range of sources. This information is 
aggregated on a per-user basis, and then made available to applications that include the 
Presence feature. 

Applications interested in a user's presence must first subscribe to receive Presence 
information. Presence aware applications may use the Local Presence Service (LPS) to 
subscribe to Presence Services. 

When an application subscribes to Presence Services, it receives Presence change 
notifications containing aggregated presence for a user and the communication resources 
available to the user. LPS runs co-resident on the application server. Using this information, 
the application can provide visual indications about user presence to an end-user client 
Graphical User Interface (GUI). 

Presence Services uses LPS to efficiently transfer Presence information between the 
Presence server and the application servers. Presence Services uses presentities and 
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watchers to do this. Presence Services facilitates the secure exchange of telephony availability 
and instant messaging (IM) information between applications. 

In the business world, users employ the exchange of presence information to locate other users 
in a workplace. They also know when to contact helpdesk executives to address customer 
inquiries and help customer services to troubleshoot problems in real time. 

Presence Services provides a Presence aggregation service that collects Presence 
information from Avaya and third-party sources and distributes Presence information to Avaya 
tools. It also aggregates Presence information from a wide variety of Avaya endpoints, 
including the one-X® family of clients. 

Presence Services also supports the XMPP instant messaging protocol. By using a set of 
collectors, Avaya Presence Services serves as a conduit between end-users allowing them to 
use the Presence Services core Presence capabilities with these other Presence sources. 

Presence Services is compatible with client software from Microsoft, IBM Lotus, and open 
source. You can see on-the-phone status on several phones and Internet messaging status 
in the Microsoft Office Communicator and other Internet Messaging applications. Some of the 
main applications are: 

• The AES Collector allows Presence Services to report telephony Presence from 
Connection Manager endpoints. The collector collects Presence from H323 and DCP 
telephones and SIP telephones administered as OPTIM extensions. 

• The SES Collector allows Presence Services to report telephony Presence from SIP 
terminals connected to SES servers. Note that you do not require the SES collector if the 
solution deployment includes Avaya Aura® Session Manager. 

• The RTC Collector allows Presence Services the ability to report basic Presence from 
Microsoft Office Communicator clients. 

• The XMPP Collector allows Presence Services to collect and aggregate Presence 
information from XMPP Clients based on federated foreign XMPP servers. 

• The Exchange Collector allows Presence Services to collect and publish the Calendar 
and Out of Office Assistant information for Exchange Mailboxes. 

Related topics: 

Components of the Presence Services system on page 11 

External entities on page 12 

Other Avaya applications on page 13 


Components of the Presence Services system 

Presence Services performs the administration, life-cycle management, and configuration 
management of these subsystems. 
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O Note: 

Presence Services 6.2 can support and integrate with multiple Presence sources, such as 
Microsoft Office Communicator clients on Microsoft Office Communications Server (OCS), 
and XMPP clients on XMPP server. The integration and support for these Presence sources 
depends on the overall solution capability in which you deploy Presence Services. 

• The Presence Services Core extensible Communication Platform (XCP) server. 
Maintains a list of Presence fragments for a given presentity and performs composition 
of these fragments. Core XCP is the conduit between the collectors and distributors of 
Presence information in the system. 

• The SIP Bulk Subscription server. Supports bulk distribution of Presence so that the 
transfer of Presence information between Presence Services and LPS is efficient. 

• The SIP Presence server. Supports SIP-based clients who need to subscribe to and 
publish Presence. LPS uses SIP Presence server to publish Presence. 

• ThePresence server. Collects Presence information from various sources, such as 
Application Enablement Services (AES), Microsoft Office™ Communicator Server (OCS), 
and extensible Messaging and Presence Protocol (XMPP) Server. This information is for 
presentities retrieved from User Data Store. Presence server distributes Presence of a 
given class, such as Phone, Enterprise IM, and Avaya one-X® Communicator to users. 

• OCS Gateway. Provides federation capability between Presence server and an OCS 
server. Enables peer-to-peer Presence and IM between clients connected to both 
servers. 

Some of the example that Presence Services use for naming the components are: 


Component Name 

Description 

CORE-ROUTER-1 

Global jabber core router 

sip-ps-1 

SIP Presence server 

sip-bulksub-1 

SIP Bulk Subscription server 

cm-1 

XMPP Connection Manager 

idmapper-1 

IdMapper 


External entities 

The Presence server may interact with the following external entities: 

• Application servers hosting presence-aware applications. In this case, Presence Services 
provides an LPS that runs co-resident on the application server. The LPS maintains local 
subscriptions, performs access control, and exchanges data with the regional/central 
Presence server using the SIP Server-to-Server (S2S) protocol. Applications using LPS 
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may request Presence information (subscribe/notify) from Presence Services or may 
provide Presence information (publish) to Presence Services for aggregation. 

• Presence sources. There are a variety of other Presence sources from which Presence 
Services can collect Presence information. 

- Avaya Aura® Communication Manager (through AES) for Avaya telephony 
devices. 

- Microsoft-RTC (OCS/Lync) for Microsoft Presence. 

- XMPP Server for XMPP Presence. 

- Microsoft Exchange for Exchange presence. 

- Avaya Aura® SIP Enablement Server (SES) for Presence of endpoints connected to 
SES. 

• System Manager user management services. There is sizable user data that Presence 
Services and Avaya Applications must share in order to provide a unified view of a specific 
user within the enterprise. This data includes the user identities within various Presence 
domains, such as enterprise handle, Communication Manager extension, and Microsoft- 
RTC. In addition, the user has access control lists that must be shared among various 
applications and Presence Services components, such as the Presence server and 
Presence Services LPS. Presence Services relies on System Manager to provide all the 
user data instead of implementing its own User Management administration 
infrastructure. Presence Services uses Database Replication to retrieve data from a 
centralized management service and get change notifications. 


Other Avaya applications 

To successfully operate Presence Services, you must install the following Avaya applications 
that are compatible with the Avaya Aura® framework. 

O Note: 

It is important to install each component with the correct version. 

• Avaya Aura® System Platform 6.3.1. 

If you are installing Presence Services on System Platform on the Avaya Aura® S8800/ 
Dell™ PowerEdge™ R610/HP ProLiant DL360 G7 server, you require System Platform 
6 . 2 . 2 . 

• Avaya Aura® Dell ™ PowerEdge™ R620 and HP ProLiant DL360p G8 server. 

• Avaya Aura® System Manager 6.3.4. 

• Avaya Aura® Session Manager 6.3. 
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* Application Enablement Services (AES) 6.2 and later versions. 

* Avaya Aura® System Manager 6.3.4 that manages Communication Manager 6.2.1. 

* Avaya Aura® Unified Communication Manager 6.1 in System Manager that manages CS 
1000 7.6. 

O Note: 

Non-SIP deployments require AES. 


Configuration views 

The Presence Services XCP Controller Web interface offers three levels of configuration called 
Configuration views. The Configuration view menu is located in the top right corner of every 
controller configuration page. When you select a particular view, it remains in effect on all 
pages until you change it. 

• The Basic configuration view. Displays the fewest configuration options and primarily 
uses the default values of the server. Configuring your system using this view is sufficient 
for most server components and enables you to get your XCP system up and running in 
the shortest amount of time. 

• The Intermediate configuration view. Displays all of the options that are available in the 
Basic view in addition to some other options, such as those used for host name and 
command configurations and for logging. It also includes many of the options for 
components that are installed with the XCP extras installation package. The components 
whose configurations require you to use at least the Intermediate view includes a 
Message Archiver. 

• The Advanced configuration view. Displays all of the options that are contained in the 
Basic and Intermediate views in addition to a number of fine-tuning options, such as buffer 
size, run level, and thread count. These options require a more advanced level of XCP 
server knowledge, and you can use them to adjust the performance of your XCP system. 
The components whose configurations require you to use the Advanced configuration 
view include: 

- Single Domain Name Support (SDNS) 

- Router-to-Router Connection 
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Areas on the Controller’s main page 


XCP Controller - 

P 

resence 

► 

i 

[Home] [Logoff] 

Configuration view: 

Basic v i 

__ A 

Basic \ 

Intermediate A 
Advanced i 

System 


Areas on the Controller’s main page 


The System area 

The links in the System area perform the following functions: 

• Summary. Displays the complete jabber.xml file, which contains your configuration 
settings. 


O Note: 


If you have modified the configuration of a plug-in or component, you must restart the 
system before the changes take effect and before they display in Summary. 

• Cluster. Displays a page from which you can access all the controllers in this cluster. 

• Stop the System. Stops the XCP server and all of its plug-ins and components. 

• Online Help. Displays a help topic for the main page of the controller. 

• Full Help System. Opens the complete online help system of the controller which is the 
online version of Administering Presence Services. 




••v"' • / 


System 


[Summary] [Cluster] [Stop the System] [Online Help] 






The Router area 

Router plug-ins are extensions of the Presence server core router, and always start and stop 
with the system. Each plug-in on your system is listed in the Router area of the controller. 

You can add a new plug-in by selecting one from the list and clicking Go to display its 
configuration page. You can also modify the configuration of a plug-in by clicking the 
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corresponding Edit link, or remove a plug-in (except for the core router) by clicking Remove 
link next to the plug-in. 


© Important: 

You cannot remove the Core Router, since it is the core of the Presence server. 





| Smglt Domain Name Support 

Status | Plugin 

Core Router 



Description Actions 

outer settings Ed* 

“'‘‘-■Hi—- 


Ports 


Remove 


J 


The Components area 

Components are extensions of the Presence server that you can start and stop independent 
of the server. In the Components area, you can add, modify, start, stop, or remove server 
components. 

Add a new component by selecting from the Add a new drop-down box and clicking Go to 
access its configuration page. You can stop individual components if needed, by clicking the 
Stop. You can also modify configuration of a component by clicking Edit , or remove a stopped 
component by clicking Remove . (Stop a component before you remove it.) 





Restarting the system 

Procedure 

Log in to the Presence Services XCP Controller Web interface (https : / /<ip 

address> : 7300/admin), do the following: 
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O Note: 

The default user name and password forthe Presence Services XCP Controller Web 
interface. Contact Presence Services Support Personnel for the user name and 
password information. 


a. To stop the system, click Stop the System. 


XCP Controller - presence 


[Home] [Logoff] 


System 


[Summary] [Cluster] [Stop the System] [Online Help] 


i 



b. To restart the server, click start the system now. 


XCP Controller - presence 


System 


Welcome to the Jabber XCP Controller. This tool displays configuration 
data from your Jabber XCP system so that you can modify your setup. 
To view or modify your current configuration, start the system now 

You can also view all of the controllers in this Jabber XCP cluster. 


c. To display the page from which you can access all the controllers in the current 
cluster, click view all of the controllers. 
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Chapter 2: Administering System Manager 

for Presence Services 


System Manager and Presence Services 

The presence administration pages of Avaya Aura® System Manager allow the administrator 
to manage: 

• System Manager and Presence Services 

• Viewing the details of the Presence server on System Manager 

• Viewing the status of Presence server on System Manager 

• Presence configuration properties 

Also, you must add the new Presence server to the System Manager inventory manually using 
System Manager Web Console. 

For information on the Geographic Redundancy feature, see the Administering System 
Manager 6.3 guide and the Configuring GR-unaware elements to work with System Manager 
Geographic Redundancy guide. 

To change the Presence Services host name, Avaya recommends that you install the Presence 
Services instance. 

O Note: 

To install Presence Services, refer the Implementing Avaya Aura® Presence Services 
guide. 

The creation of the Presence Services instance on System Manager is automatic. For this 
reason, the steps required for adding a server are not included here. 

To view the details and status of the Presence server on System Manager, use System 
Manager Web Console. You can also view the status of the Presence server on System 
Manager. 
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Viewing the details of the Presence server on System 
Manager 

About this task 

Perform this task to view the deployment status of the Presence Services elements with the 
System Manager. 

Procedure 


1. Log in to System Manager by entering the System Manager virtual machine IP 
address in a Web browser: https ://< System Manager hostname>/ 
SMGR. 


2. System Manager 

3. On the Manage Elements page, click the associated check box to select an instance 
of Presence Services. 



Inventory 

Manage Elements 

Upgrade Management 
Collected Inventory 
Manage Serviceability 
Agents 

Inventory Management 
Synchronization 
CS 1000 and CallPilot 
Synchronization 


Home /Elements / Inventory / Manage Elements 


Manage Elements 



j 

Elements 



1 

1 

[ New 1 

Mor# Actions * 


1 

4 

10 Items Refresh Show ALL v 

□ 

Node 

Type 

Version De»cnpt 


□ 

□ 

□ 


cedcm 


135 27.153 139 

1*3.147.170.123 

148.147.170.123 


Communication 

Manager 

UCMApp 

UCMApp 



4. To view the details of the Presence server, click View. 

On the View page, in the General area, you can view the server name, type, node, 
and an optional description. 

In the Port area, you can view any configured ports. In a default installation, no ports 
are required. 


In the Access Point area, you can view the access points. Access points are the 
ports that System Manager uses to access Presence Services. By default, System 
Manager displays two access points for each new Presence server. One of the 
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access points defines the port that System Manager uses to view the status of 
Presence Services components. The other access point defines the port that 
System Manager uses to launch the XCP Web Controller, which is also known as 
the Presence Services Web GUI for administrators. 


Viewing the status of the Presence server on System 
Manager 

Procedure 

1. Log in to System Manager by entering the System Manager virtual machine IP 
address in a Web browser: http ://< System Manager IP address>/ 
SMGR. 

2. System Manager 

3. On the Manage Elements page, click the name of the Presence Services instance 
and then click View. 

On the View Presence Services screen, the system displays the name, type, node, 
and an optional description. 

4. Click Open to launch the Presence Services XCP Controller Web interface. 

5. Click Show to display the status of the Presence Services components in a 
Presence System Status area at the bottom of the page. 

The Presence System Status area displays the Presence Services components 
as a list of folders, which you can expand to view more detail. 


Presence configuration properties 


Administering Presence configuration properties 

Procedure 

1. System Manager 

2. On System Manager Dashboard, click Elements > Presence > Configuration. 
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The Presence Configuration Properties page displays all the global Presence 
configuration properties. 


Related topics: 

Modifying a configuration property on page 22 


Modifying a configuration property 

Procedure 

1. Click Edit. 

2. Change the value of the property. 

3. Click Save. 


Domain substitution rule 

System Manager has a domain substitution rule that uses one of the following: 

• String substitution 

• Regular expression matching and replacement 

Presence Services uses the domain substitution rule to convert a user ID in System Manager 
to a valid ID in Presence Services. By default, the system uses string substitution. 

The conversion that happens is explained in an example below. 

Example 

A user Jane Doe works for a company example: 

• Jane Doe's company domain: example.com 

• User login of Jane Doe in System Manager: janedoe@example.com 

• In the Presence Services domain (ROUTER_SERVICE_NAME), Jane Doe’s domain 
changes to: presence.example.com 

• Jane Doe’s ID in Presence Services is: janedoe@presence.example.com 

Related topics: 

Understanding Presence Services domain, domain substitution rule, and user global login on 

page 23 

Setting the domain substitution rule on page 24 
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Understanding Presence Services domain, domain substitution rule, and 
user global login 

Make a note of the Router Service Name field value correctly and use the Router Service Name 
field value when you install Presence Services (Software only, System Platform template, or 
Virtual Environment installation.) 

O Note: 

This becomes the Presence Services domain and also other configuration settings like 
domain substitution rules and user logins are inter-related to the Presence Services 
domain. 

System Manager has a domain substitution rule interface that you can use to add a rule. It is 
important to note that you can create only one “From->To” rule at a time. If you modify a rule 
after the Presence Services installation, then you must restart Presence Services using 
stop. sh and start. sh scripts. 

Presence Services uses this rule to convert a user ID in System Manager to a valid ID in 
Presence Services. The conversion that happens is explained in the examples below: 

Example 1 — String substitution 

• A user Jane Doe works for a company and the company name is Example. 

• The domain name of the company is, example. com. 

• User login of Jane Doe in System Manager: janedoe@exampie.com 

• Domain Substitution - From rule: Type: text, Value: @ 

• Domain Substitution - To rule: Type: text, Value: @presence. 

• In the Presence Services domain (ROUTER_SERVICE_NAME), Jane Doe’s domain 
changes to: presence.example.com 

• Jane Doe’s ID in Presence Services is: janedoe@presence.example.com 

Example 2 - Regular expression matching and replacement, multiple sub- 
domains within a single domain 

• John Doe and Jane Doe work for a company and the company name is Example. 

• The company has multiple sub-domains: siteA.example.com, siteB.example.com, 
siteC.example.com 

• User login of John Doe in System Manager: johndoe@siteA.exampie.com 

• User login of Jane Doe in System Manager: janedoe@siteB.exampie.com 

• Domain Substitution - From rule: Type: regular expression, Value: @ [A-Za-zO-9] + 
\. 

• Domain Substitution - To rule: Type: text, Value: @presence. 
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• In the Presence Services domain (ROUTER_SERVICE_NAME), John Doe’s domain 
changes to: presence.example.com 

• John Doe’s ID in Presence Services is: johndoe@presence.example.com 

• Jane Doe’s ID in Presence Services is: janedoe@presence.example.com 

O Note: 

The user name before the domain must be unique across the multiple domains. 

Example 3 - Regular expression matching and replacement - consolidating 
multiple sub-domains within multiple domains 

• John Doe, Jane Doe, Joe Public, and John Smith work for a company and the company 
name is Example. 

• The company has multiple domains and sub-domains: siteA.exampieA.org, 
siteB.exampleA.org, siteC.exampleB.gov, exampleC.gov 

• User login of John Doe in System Manager: johndoe@siteA.exampieA.org 

• User login of Jane Doe in System Manager: janedoe@siteB.exampieA.org 

• User login of Joe Public in System Manager: j oepublic@siteC. exampleB. gov 

• User login of John Smith in System Manager: johnsmith@exampieC.gov 

• Domain Substitution - From rule: Type: regular expression, Value: @ [A-Za- 
zO-9.-]+[gov|org]$ 

• Domain Substitution - To rule: Type: text, Value: @presence.example.org 

• In the Presence Services domain (ROUTER_SERVICE_NAME), John Doe’s domain 
changes to: presence.example.com 

• John Doe’s ID in Presence Services is: johndoe@presence.example.org 

• Jane Doe’s ID in Presence Services is: janedoeSpresence.example.org 

• Joe Public’s ID in Presence Services is: joepubiic@presence.example.org 

• John Smith’s ID in Presence Services is: johnsmith@presence.example.org 

For more details on regular expressions, log in to System Manager Web Console and click the 
Help link. 


Setting the domain substitution rule 
About this task 
© Important: 

Setting a domain substitution rule is a very important task and you must set the domain 
substitution rule before the Presence Services installation. 
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Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. Click Element > Presence > Configuration. 

The system displays the Presence Configuration Properties page. 

Home / Elements / Presence / Configuration 


Presence 


Presence Configuration Prope 



Save || Cancel 


Save 1 [ Cancel 


© Note: 

Please note that the screen shots illustrated contains only sample values. You 
must customize your settings to match the requirements of your deployment. 

3. Click Edit and set the following values: 

a. From the Type drop-down box, select a type for the Domain Substitution - 
From rule. 

b. Enter a value in the Value field for the Domain Substitution - From rule. 

c. Enter a value in the Value field for the Domain Substitution - To rule. 

d. Optional: Define a default domain substitution rule. 

O Note: 

Ensure that you do not set the same rule for the Domain Substitution - 
To rule and the Domain Substitution - Default rule. For example, you 
cannot set both the rules to @presence.example.com. 

e. If you define the String substitution rule, in the Domain Substitution - From 
field, from the Type drop-down box, select text. 
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Home / Elements / Presence / Configuration 


Presence 


■ft® Presence Configuration Properties | s.v. II Cancel 

va 


4 Items Refresh Filter: Er 


Name 

Type 

Value 

Domain Substitution - From 

text 

v 5 

Domain Substitution - To 

text 

^presence. 

Domain Substitution - Default 

text 


Publish Presence with AES Collector - Default 


On v 


I Save 


Cancel 


The string based substitution rule replaces the “@” in the domain with 
“@presence.” Therefore, in the example, johndoe@example.com becomes 
johndoe@presence.example.com. Notice that there is a dot after the word, 
presence. If you miss the after presence, then the result becomes 
johndoe@presenceexample.com. 

f. If you define the Regular expression matching and replacement rule, in the 
Domain Substitution - From field, from the Type drop-down box, select 
regular expression. 

Home / Elements / Presence / Configuration 


Presence 



Save || Cancel 


4 Items Refresh 



Filter: Enat 

Name 

Typ« 

Value 


Domain Substitution - From 

1 1ar expression v 

S[A-Za-rO-9]+' 


Domain Substitution - To 

text 

Cpresence._ 


Domain Substitution - Default 

text 



Publish Presence with AES Collector - Default 


On v 



[ Save | [ Cancel 


4. To save the changes, click Save. 

For more information, see the Implementing Avaya Aura® Presence Services 
guide. 
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O Note: 

If you change the Domain Substitution rules after the Presence Services 
installation, you must restart the Presence server for the changes to take 
effect. 


User configuration in System Manager 

An administrator can configure users in Presence Services to enable Presence and Instant 
Messaging (IM) on Avaya supported endpoints. 

For more information about Presence and AES configuration for a user, see Adding a presence 
profile for a user on page 50 

Related topics: 

User addition and deletion on page 27 


User addition and deletion 


O Note: 

System Manager and Presence databases remain in sync all the time. 

When you add a user to System Manager, the user automatically appears in Presence Services 
when you start the system. For users to get authenticated in Presence Services, you must 
create a communication profile password in System Manager. 

Presence Services then creates an XMPP/Avaya handle for every user created in System 
Manager. The newly created XMPP/Avaya handle is stored on the Presence server, the 
Presence server maintains the equivalent ID as long as the user exists in the System Manager 
database. 

© Important: 

When you integrate Presence Services with System Manager, you cannot update the Login 
Name field on System Manager. If you want to change the login details for a user, you must 
delete the user and add the user again. 

Adding or deleting a user is a related to provisioning a user in System Manager and hence, is 
not a presence specific task. 
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When you delete a user from System Manager, the user also gets deleted from Presence 
Services. The system also unsubscribes all corresponding actively monitored handles. This 
deletion of user helps you effectively manage user licenses. 

Related topics: 

Adding the communication profile password in System Manager on page 28 


Adding the communication profile password in System Manager 

About this task 

Presence Services uses the communication profile password to authenticate Avaya soft clients 
for XMPP sessions. To log into a Presence server, you need the communication profile 
password. 

Procedure 

1. Log in to System Manager Web Console. 

2. On System Manager Dashboard, click Users > User Management > Manage 
Users. 

The system displays the User Management page. 

3. To edit a user profile, select the user and click Edit. 

The system displays the User Profile Edit page. 

4. On the User Profile Edit page, click the Communication Profile tab. 

5. Under the Communication Profile section, click Edit next to the Communication 
Profile Password field. 

6. Enter the communication profile password, confirm the password, and then click 

Done. 

7. To save the changes, click Commit. The system updates the user password to 
Presence Services as well. 

© Note: 

A user can create a new contact in Avaya one-X® Communicator and provide an 
IM handle. The password for this contact (user station password -CMSM) should 
be the same as the Communication Profile password in System Manager. 
Administrators will have to communicate this information to the Avaya one-X® 
Communicator users. 
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Licensing 

To successfully deploy Presence Services in a customer site, you require a valid Presence 
Services license. 

© Note: 

You can find the license for Presence Services on the System Manager WebLM server. 
The most important aspects of a license are: 

• Number of users 

• Expiration date 

• Version number 

At any given time, a license is in one of three states: 

• Valid. The license is operational. 

• Grace. The license is operational, but will expire soon. This state can last up to 30 
days. 

• Expired. The license is no longer operational and the grace period has elapsed. 

When the license enters the grace period, it generates an error log. When a license expires, 
it generates a fatal log. 


Presence Services license renewal 

Presence Services licenses operate in the same way as all of the other Avaya Aura® products 
that reside within the System Manager framework. That is to say, you must use Avaya Product 
Licensing and Delivery System (PLDS). 

PLDS provides customers, Avaya Partners, distributors, and Avaya Associates with easy-to- 
use tools for managing license entitlements and electronic delivery of software and related 
license files. Using PLDS, you can perform operations such as license activations, license 
upgrades, license moves, and software downloads. When you place an order for a PLDS- 
licensed software product such as Presence Services, the license entitlements on the order 
are automatically created in PLDS. Once these license entitlements are created, you receive 
an e-mail notification from PLDS. This e-mail notification includes a license activation code 
(LAC). Using the LAC, you can quickly find and activate the newly purchased license 
entitlements in PLDS. You can then download the license file. 

You must provide the WebLM host ID to activate the license file in PLDS. The WebLM host ID 
is the MAC address of the server and is obtained from the WebLM Web interface. The WebLM 
Web Host ID is the System Manager host ID. 
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O Note: 

WebLM host ID should be the System Manager host ID. 


Renewing your Presence Services license 

Before you begin 

Before you perform this task, you must have a valid login and password for PLDS. You must 
also place an order for a license, for example, with your Avaya account manager. In response, 
your Avaya account manager sends you an e-mail containing a LAC. 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Services > Licenses > Server 
Properties. 

3. Note the string in the Primary Host ID field. This is the WebLM host ID. 

4. Type http://plds.avaya.com in your Web browser to access the Avaya PLDS Web 
site. 

5. Enter your login ID and password to log on to the PLDS Web site. 

6. In the LAC(s)field of the Quick Activation section, enterthe LACthatyou received 
in an e-mail message. 

7. In the License Host field, enter the WebLM host ID. 

8. Click View Activation Record. 

• The Overview tab displays a summary of the license activation information. 

• The Ownership tab displays the registration information. 

• The License/Key tab displays the license files resulting from the license 
activation. In general, a single license file is generated for each application. 

• From the License/Key tab you can view and download the license file. Each 
license file must be installed on the WebLM server associated with the License 
Host. 

9. Save the license file to your computer. 

10. Log in to System Manager Web Console by entering the System Manager virtual 
machine IP address in a Web browser. 

11. On System Manager Dashboard, click Services > Licenses > Install License. 

12. On the Install License page, enter the license file path. You can also click Browse 
to select the license file. 
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13. Click Install to install the license file. 

WebLM displays a message on the successful installation of the license file. 


Presence Services Admin status check 

presstatus is a Presence Status tool that collects Presence Services component status 
information, including the Presence server components that run under the Presence server 
container and the Presence server external processes. 

Internal and contained components that are providing status includes umc, replicator, 
dbfactory, aclstorage, AES Collector, RTC collector, SES collector, XMPP collector, Presence 
transformer component, RLMS component, Id Mapper, IM and SDNS, also provide the status 
information of the Presence Services (IM Transcript Service) and Presence Services 
processes running under jabber user (Web Connection Manager, jabbered, sip_proxy, sip_ps, 
sip_bulksub, and sip-gw). 

Related topics: 

presstatus on page 31 

Using the Interactive Mode on page 31 

Using the Command line mode on page 32 

Example output on page 32 

Status description on page 34 


presstatus 

The presstatus script is installed in the folder /opt/Avaya/Presence/presence/bin. The 
presstatus is a stand-alone command line tool to generate the current state of the Presence 
Services components. This enables you to know the current state of Presence Services 
components. 

You can run the presstatus in the interactive and the command line modes. 

• Interactive mode - Use System Manager to view the status of Presence Services 
components. 

• Command line mode - Run command line arguments to view the status of Presence 
Services components. 


Using the Interactive Mode 
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Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Services > Inventory > Managed 
Elements. 

The system displays the Manage Elements page. 

3. Click the element name and then click View. 

C Note: 

The first part of hostname appears as name. For example, if 

xPS . du. rnd. avaya. com is the host name, the name appears as xPS. 

4. Click Show displayed with the Status field. 

The system displays the Presence Status System interface below the Presence 
System Information page. 

You can view the Presence System Status as Contract Mode or Expand Mode by 
clicking the respective options. 


Using the Command line mode 

Procedure 

1. Log in to the Presence server as a root user. 

2. Go to the bin folder. For example: cd /opt/Avaya/Presence/presence/ 
bin. 

3. At the command prompt, type . /presstatus. 


Example output 

The following example illustrates an example of current status of all Presence Services 
components that are be generated. 

Activity: Wed Aug 18 11:30:16 1ST 2010 
Component: Presence Server (Partially Enabled) 

Process ID (PID): 1054 
CPU%: 0.0 

Activity: Wed Aug 18 11:30:16 1ST 2010 
Component: Replicator Component (Connected) 

Activity: Wed Jul 28 10:55:15 1ST 2010 

Last Activity: addBatchListener ReplicationListMonitor to tables: [cscontactlist. 
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cscontactlistmember, csuser] 

Component: User Management (Licensed) 

license-detail: The product license is in the 30 day grace period since Mon Aug 16 
10:59:11 1ST 2010 because the number of users has been exceeded or there has not 
been a valid license installed, there are 27 day(s) left before the license will 
expire. 

The product license has not reached its expiration date and is valid. 

The product license is the correct version. 

Activity: Wed Aug 18 11:30:16 1ST 2010 

Last Activity: Got replication event from replica component 
users: 0 

Component: Avaya Application Enablement Services Integration (Started) 

Component: Microsoft Office Communications Server Integration (Unknown) 

Component: Avaya SES Integration (Started) 


Component: Sametime Component (Disabled) 
Component: Sametime Collector (Disabled) 
Component: Sametime Distributor (Disabled) 


Component: XMPP Collector (Connected) 
Activity: Wed Aug 18 03:52:19 1ST 2010 

Component: 135.64.23.113 (Connected) 
Activity: Wed Aug 18 03:52:19 1ST 2010 

Component: ID Mapper (Started) 


Component: IM Transcript Launcher (Started) 

Component: Single Domain Name Support Component (Disabled) 

Component: ACL Manager (Started) 

Activity: Wed Jul 28 10:55:05 1ST 2010 
Last Activity: startup 

Component: Local Presence Database (Connected) 

Activity: Wed Aug 18 11:30:14 1ST 2010 
Database Status: OK 

Last Status Change: Wed Jul 28 10:55:03 1ST 2010 
Component: presence-model (Active) 


Component: provisioning (Active) 


Component: XMPP Daemon (Active) 
Process ID (PID): 3132 
CPU%: 0.0 

Component: SIP Proxy (Active) 
Process ID (PID): 3277 
CPU%: 0.0 


Component: Web Connection Manager (Active) 
Process ID (PID): 3237 
CPU%: 0.0 


Component: XMPP Connection Manager (Active) 
Process ID (PID): 3719 
CPU%: 0.0 
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Component: SIP Presence Server (Active) 

Process ID (PID): 3716 
CPU%: 0.0 

Component: Microsoft Office Communications Server Gateway (Active) 
Process ID (PID): 3723 
CPU%: 0.0 


Component: SIP Bulk Presence Subscription Server (Active) 
Process ID (PID): 3718 
CPU%: 0.0 


Component: 

Component: 

Component: 

Component: 
Subj ectDN: 


Presence Web Server (Disabled) 

IM Transcript Web Service (Disabled) 

Certificates (Active) 

Cert 1 (Active) 

C=US/ 0=Avaya/ CN=ips23-105.pres.avayainstall.com 


Expiry: Fri Jul 27 10:42:03 1ST 2012 
Issued: Wed Jul 28 10:42:03 1ST 2010 
IssuerDN: 0=AVAYA/ OU=MGMT/ CN=default 


Status description 

The following table describes the different status of components: 


Status 

Description 

Partially Enabled 

Some components are disabled. 

Connected 

Indicates connection of the component to the corresponding 
source. For example, in the case of RTC collector, this 
status indicates whether the Microsoft Office 
Communications Server integration component is able to 
connect to OCS server or not. 

Licensed 

The current Presence Services instance is licensed. 

Not Licensed 

The current Presence Services instance is not licensed. 
Also provides a detailed description of the status. 

Started 

A particular component has started running. 

Unknown 

presstatus is unable to obtain the status of a particular 
component. 

Disabled 

A component is disabled. 

Active 

All noncontainer-based processes are active. For example, 
SIP-PS, SIP-GW, and so on. 
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Exporting and importing bulk users 


Exporting and importing bulk users 


Bulk import and export 

In System Manager, you can bulk import and export user profiles and global settings. To import 
data in bulk, you must provide an XML file or an Excel file as input file. While exporting data 
in bulk, the system can export the data to an XML file or an Excel file. The System Manager 
database stores the imported user profiles and global settings data. 

You can import and export the following user attributes in bulk: 

• Identity Data 

• Communication Profile Set 

• Handles 

• Communication profiles (CM Endpoint, Messaging, Session Manager, CS 1000 Endpoint, 
CallPilot Messaging, Conferencing, IP Office, and Presence profile data) 

You can import and export the following global settings attributes in bulk: 

• Public Contact Lists 

• Shared Addresses 

• Default access control list (ACLs) 

© Important: 

System Manager does not support the bulk import and export of roles. 


Bulk import and export using the Excel file 

In System Manager, you can import and export user profiles in bulk using an Excel file in 
addition to an XML file. To import data in bulk, provide an XML file or an Excel file as input that 
System Manager supports. When you export data in bulk from System Manager Web Console, 
the system exports the data to an XML file and an Excel file that System Manager supports. 

Microsoft Office Excel 2007 and later support bulk import and export in the .xlsx format. You 
can download the Excel template from the User Management page. 

Import and export in bulk using the Excel template has the following features: 

• Supports the following types of user information: 

- Basic. The identity data of the user 

- Handle. The communication address of the user 
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- Session Manager profile 

- CM Endpoint Profile 

- Messaging profile 

- Conferencing profile 

- IP Office Endpoint profile 

- CS 1000 Endpoint profile 

• Provides a description in the form of a tool tip for each attribute. The mandatory fields are 
marked. 

• Provides the login name in the Basic worksheet as the key attribute that you use in other 
worksheets to link the user records. 

• Supports only the primary communication profile set. 

Append the loginname with #primary in all worksheets except Basic to specify the 
association of the records with the primary communication profile set. For example, 
jmiller@avaya.com#p rimary. 

• Supports the creation, updation, and deletion of the user using the same Excel file. 
However, you can perform one operation at a time. 

• For updation, supports only the partial merge operation. 

Bulk import and export using Excel does not support the following: 

• All attributes that XML user import supports. For more information, see the Excel 
template. 

• Complete or partial replace of the user for imports in bulk. 

Feature of the Excel template 

• Though the header fields in the Excel template are editable, do not change any details of 
any headers in the worksheets. The import or export might fail if you modify the details of 
the header. 

• The data in Excel might display the warning message Number stored as Text. Ignore 
the warning. 


O Note: 

Do not change the data type of the cells in the Excel template. 

In Microsoft Office Excel 2007 and later, click Excel Options and clear the Numbers 
formatted as text or preceded by an apostrophe check box to turn off the warning 
message. 
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Bulk importing of users 

Procedure 

1. On System Manager Web Console, click Services > Bulk Import and Export. 

2. Click Import > User Management > Users. 

Also, to gain access to Import users, from System Manager Web Console, click 

Users > User Management. Click Manage Users and select More Actions > 
Import Users. 

3. On the Import users page, in the Select Import File Type field, select one of the 
following: 

•XML 

• Excel. Use the Excel template that System Manager supports. 

© Note: 

If you fail to use the template that System Manager supports, the system 
displays a message Authentication failed due to the import 
of invalid <*.xls> file. 

4. On the Import users page, in the Select File field, enter the complete path of the 
file or click Browse to locate and select a file. 

5. Select one of the following error configuration options: 

• Abort on first error 

• Continue processing other records 

6. For XML file type, click Complete in the import type. 

If you select Excel file type, the system does not display the import type option. 

7. Select one of the following import options: 

• To skip users in the import file that match the existing user records in the 
database, click Skip. 

• To replace the users in the database with the new users from the imported file, 
click Replace. Use this option to import new users and retain the existing 
users. 

If you select Excel file type, the system does not display the replace option 

• To update and merge the user attributes data from the imported file to the 
existing data, click Merge. 

• To delete the user records in the database that match the records in the 
imported file, click Delete. 
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8. To run the job, in the Job Schedule section, select one of the following options: 

• To import the users immediately, click Run immediately. 

• To import the users at a specified time, click Schedule later, and set date and 
time. 

9. Click Import. 

If you use the default configurations option Importing Users > Add Users in the 
database, the system imports the next user record even if the import user operation 
encounters an error while importing a user record. The system logs an error. Skip 
import of users that already exist in the database. The system schedules the import 
job to run immediately. 

C Note: 

The operations, Communication Manager Synchronization and Bulk Import of 
users, must not overlap in time. If Bulk Import of users is in progress and 
Communication Manager Synchronization is started, the current records under 
process fail. After the synchronization is complete, the remaining bulk import 
records process successfully. You must reimport the records that fail during 
synchronization. 


Exporting users in bulk using CLI 

Before you begin 

Start an SSH session. 

Procedure 

1. Log in to System Manager using SSH as root. 

2. To change the directory to exportutility, at the prompt, type cd 

$MGMT HOME/bulkadministration/exportutility/. 

MGMT_HOME is an environment variable that represents the System Manager 
HOME path. 

3. Type# sh exportUpmUsers. sh ... [OPTIONS]. 

4. (Optional) To modify the default values for optional parameters, change the 

$MGMT HOME/bulkadministration/exportutility/config/ 
bulkexportconf ig. properties file, where MGMT_HOME is an environment 
variable that represents the home path for System Manager. 

For example, # sh exportUpmUsers. sh -f userExport -r 1000 -s 0 -e 
1000 . 
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Chapter 3: Integrating Presence Services 

with Session Manager 


Overview of Session Manager with Presence Services 

Session Manager performs SIP routing and other session processing functions of an Avaya 
Aura® SIP network. It routes SIP (subscribe, publish) requests from Avaya SIP clients to 
Presence Services. This routing is based on a SIP request URI (Uniform Resource Identifier) 
containing the IP address of thePresence servers. 


Adding Session Manager to Presence Services 

Before you begin 

At the time of installation, you may have to add the Session Manager Asset IP 
address in the Session Manager Configuration Setting panel for Presence Services to 
integrate with Session Manager. 

If you did not enter the Session Manager Asset IP address then, you can enter it after 
the Presence Services installation. 

Procedure 


1. Log in to Presence Services XCP Controller Web interface. 

2. On the Presence Services home page, select Intermediate or Advanced 
Configuration view. 

3. Under the Router area, in the Core Router (Global router settings) section, click 

Edit. 


P~ ' 




• ' — - ./■ / 




Router 

Add a new 






Status 

Plugin 

Description 

Actions 

Ports 

Remove 






The system displays the Global Settings Configuration page. 
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4. Scroll down to Mutually Trusted Hostnames and enterthe Session Manager Asset 
IP address. 


Mutually Trusted TLS Hostnames 

Separate each hostname (or IP address) with a line break. 

Host Filters 

Host(s): 






pa-exa.*=ple. avaya. con 

146.147.xxx.xxx 



| Submit | | Reset | [ Cancel 



3 


5. Click Submit. 

6. Restart Presence Services. 


Verifying the hostname in the Presence Session Manager 

Procedure 


1 . 

2 . 


Log in to the XCP Controller Web interface. 

On the Intermediate configuration view of the controller, under Router, click Edit 
next to Presence Session Manager. 


Router 

Add a new 


Single Domain Name Support 


Status 

Plugin 

Running 

Core Router 

Running 

logger-1.presence 

Running 

jsm-l.presence 


Description Actions 

Global router settings Edit 

Logger Plugin Edit 

Presence Session Manager Edit 


I 

I 

s 


The system displays the Presence Session Manager Configuration page. 
3. Ensure that the new ID appears under Presence Session Manager. 
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Adding Presence Services as a SIP entity in System 
Manager 


Procedure 


1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Routing. 

The system displays the Introduction to Network Routing Policy page. 

3. On the left navigation pane, click SIP Entities. 





The system displays the SIP Entities page. 

4. Click New. 

The system displays the SIP Entities Details page. 

5. On the SIP Entities Details page, enter the following details: 

a. Name. Example, PresenceServer 

b. FQDN or IP Address. Presence Services IP address 

c. Type. Other 

d. SIP Link Monitoring. Use Session Manager Configuration 

6. To save the changes, click Commit. 

For more information, see the System Manager documentation. 
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Adding an entity link 

Procedure 


1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Routing > Entity Links. 


- - 

Routing « 

Domains 
Locations 
Adaptations 
SIP Entities 
Entity Links 
Time Ranges 
Routing Policies 
Dial Patterns 
Regular Expressions 


Home /Elements / Routing / Entity Links 


Entity Links 


1 


More Actions • 


5 Items Refresh 

Name SIP Entity 1 


rL 


Protocol Port SIP Entity 2 




5 




tls 


$061 aes-gis 


3. On the Entity Links page, click New and enter the following details: 

a. Name. Link name (Example: PresenceServerLink ) 

b. SIP Entity 1. Select Session Manager from the list 

c. Protocol. Select TLS. 

d. Port. 5061 

e. SIP Entity 2. Choose the same Presence Services name you created in the 
previous procedure (Example: PresenceServer) 

f. Port. 5061 

g. Connection Policy. Select Trusted. 

4. To save the changes, click Commit. 

For more information, see the System Manager documentation. 

You must set up an end-to-end TLS connection between the Presence server and 
the endpoints, which includes: 

• An entity link between Presence Services and Session Manager. 

• Entity links between multiple Session Manager. 

• SIP connections between Session Manager and Session Border Controller. 

• A connection between endpoints and controllers of the endpoints. 

For more information about end-to-end TLS connection for Session Border 
Controller and Session Manager, see the Administering Avaya Session Border 
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Controller for Enterprise guide and the Administering Avaya Aura® Session 
Manager guide. 


Avaya SIP Client(s) support 

SIP clients, such as Avaya one-X® Communicator 6.0/6.1 SIP, require the Presence Services 
SIP Client Support function to receive Presence information updates. This support extends the 
use of open IETF standards based on RFC 2543, 3265, 3903, and 3857 and open IETF 
standards from the family of documents collectively known as SIP for Instant Messaging and 
Presence Leveraging Extensions (SIP SIMPLE). 

The SIP Client Support function utilizes several modules, such as: 

• mod_simple performs SIP SIMPLE functionality. SIMPLE is an open standard based on 
RFCs that describe the integration of SIP (RFC 3261) with the Instant Messaging and 
Presence (IMP) standards. 

• mod_idmap enables SIP-based clients to publish and subscribe for Presence 
information. To do this, it applies SIP identifiers to internal JID representation using ID 
Mapping. 

• ID Mapping, you need ID Mapping for any SIP Presence Subscription where the SIP URI 
lies outside the Presence server domain. ID Mapping does the following: 

- Maps any SIP URI handle registered with System Manager to a single presentity. 

- Maps any Presence server presentity to its Primary SIP URI. 

- Supports mapping just the user (number) portion of E.164 handles to appropriate 
presentity. 

- Requires any SIP Presence Subscriptions where the SIP URI lies outside the 
Presence server domain. 

- Uses Resource list and winfo subscriptions to map the presentity to the most 
appropriate handle URI provisioned in System Manager. 

• mod_authz enables ACL-based Authorization through Authorization Management. It 
facilitates subscription to a list of contacts through Resource lists. 

Using Authorization, you can make Authorization decisions with Access Control Lists 
(ACL) set up in System Manager (SMGR). 
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Enabling required modules in Presence Session Manager 

Procedure 

1. Log in to Presence Services XCP Controller Web interface. 

2. On the Presence Services XCP Controller home page, select Advanced 
Configuration View. 

3. In the Router area, click Edit next to the Presence Session Manager. 

4. Under Optional Modules, select: 

• modidmap 

• modjauthz 

• modjsimple 

• modwinfo 

• mod joep 

5. Scroll down to Module Configuration to select and set SIP URI Mapping 
Configuration to Yes. 

6. To save your choices, click Submit. 

7. To see if the Authz component, the IdMapper component have been added to the 
Components page, go back to the Presence Services XCP Controller home page. 

8. To open the SIP Presence Service Configuration page, click Edit next to the SIP 
Presence Server under Components . 

9. Scroll down to set Enable ID Mapping to Yes. 

10. To save your choices, click Submit. 
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components 


Managing Presence components 


Presence components 

Presence Services 6.2 can support and integrate with multiple Presence sources, such as 
Microsoft Office Communicator clients on Microsoft OCS, and XMPP clients on XMPP server. 
The integration and support for these Presence sources depends on the overall solution 
capability in which you deploy Presence Services. At the time of publication of Presence 
Services 6.1, Avaya one-X® Communicator 6.0 does not support any external Presence 
sources. 


Adding Presence components 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

The URL format to open the Presence Services XCP Controller Web interface is 

https://<IP address>:7300/admin. 

2. Select the component that you want to add. 

3. Click Go. 

4. Enter details of the component as outlined under the component description. 

5. Click Save. 


Removing Presence components 
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Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

The system displays the Presence Services XCP Controller main page. 

2. Click Stop if the component is already running. 

3. Once the component stops, click Remove. 

A Caution: 

Do not remove the system default components. 


Configuring Presence Components 


AES Collector 

Adding AES Collector 

Before you begin 

• From System Manager, get the: 

- AES IP address 

- AES host name 

- Communication Manager name as known to AES 

• From the XCP configuration, get the: 

- AES user name with unrestricted access, as in CTI User = Yes 

- AES user password 

To monitor the presence information of a user through AES Collector, ensure that you meet 
the following minimum requirements: 

* Avaya Aura® Application Enablement Services version 6.1.3, with ASAI link version set 
to 5 

* Avaya Aura® Communication Manager version 6.3.0 

To monitor the presence information of a user through AES Collector that includes login and 
logout events, ensure that you meet the following minimum requirements: 
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* Avaya Aura® Application Enablement Services version 6.1.3.0.16, with ASAI link version 
set to 6 

* Avaya Aura® Communication Manager version 6.3 patch 20654 or version 6.3 combo- 
patch 2363 

© Note: 

To connect to AES Collector at the time of installing Presence Services, click AES 

Component Configuration Setting > inclAES > true. 

About this task 

You can add an AES Collector if you have not already installed one at the time of installation. 
Note that you cannot add multiple AES collectors on the same Presence Services instance. 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. In the Components section, select Add a new AES Collector and click Go. 

3. Select or change the fields by referring to the Reference section and then click 

Submit. 

4. Return to the Presence Services XCP Controller home page to determine if the 
system has successfully added AES Collector. 

The system displays a new entry in the Components section. For example, aes- 
collector-l.presence. 


Adding Communication Manager in System Manager 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Services > Inventory > Manage 
Elements . 

3. On the Manage Elements page, click New. 

4. Select CM from the drop-down box to open the configuration page for a new 
Communication Manager instance. 

5. Complete the following fields: 

• Name. Use a unique name 

• Connection type. Communication Manager 

• Node. IP address of your Communication Manager server 
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• Login, password and port. Access fields for your Communication Manager 
server 

6. Click Commit. 

7. On System Manager Dashboard, click Services > Scheduler > Completed Jobs 
to check if the Communication Manager synchronization job is complete 

This ensures that extensions from this Communication Manager are available for 
configuration in System Manager. 


Adding AES in System Manager 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Services > Inventory > Manage 
Elements . 

3. On the Manage Elements page, click New. 

4. From the Type drop-down box, select. 

5. Complete the following fields: 

• Name. The name of the application instance. It must be unique. 

• Connection type. The type of the application to which the application instance 
belongs, Application Enablement Services. 

• Description. A brief description about the application instance, Application 
Enablement Services. 

• Node. IP address of your Application Enablement Services server. 

6. Expand Access Point then click New. 

7. In the Access Points Details section, complete the following fields: 

• Name. The name of the access point. 

• Access Point Type. Displays the type of the access point. 

• Protocol. The protocol that the application instance supports to communicate 
with other communication devices. 

• Host. The name of the host on which the application instance is running. 

• Port. The port on which the application instance is running. 

• Path. Uniform Resource Identifier. 

• Order. The order in which the access points are accessed. 

8. Click Save. 
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9. Expand Port and then click New. 

10. In the Port Details section, complete the following fields: 

• Name. Name of the port. 

• Protocol. The protocol associated with the corresponding port. 

• Port. The port on which the application instance is running. 

• Description. A brief description about the port. 

11. Click Save. 

12. Click the Assign Application tab on top of the screen. 

13. On the Assign Applications screen, select an application, and then click Assign. 

14. Select the assigned application and the click Edit to populate the Assignment 
Name. 

The Assignment Name must contain the name of the Communication Manager as 
it is configured at the AES (Switch Connection Name). 

15. Click Commit. 


Related topics: 

AES certificates on page 49 

AES certificates 

Generally, you configure Presence Services with an AES Collector to connect to a particular 
AES. By default, an AES comes with a certificate that can be validated by the default Avaya 
CA certificate. Presence Services accesses this CA certificate when it connects to an AES 
through its AES Collector. So the connection between Presence Services (through the AES 
Collector) and AES works automatically. 

However, an administrator can change the AES certificate. Then this automated validation of 
the AES certificate does not happen. In this case, you must update Presence Services with 
the CA certificate that can validate this new AES certificate. You can do this by moving the CA 
certificate, in PEM format, over to the Presence Services system. To do this, you must run: 

$PRES HOME/presence/bin/prescert addTrusted pem <path to CA cert> 
alias <for example, "CACertForAES"> 

C Note: 

For more information on using the prescert script, go to the Maintenance Operations chapter 
in Administering Avaya Aura® Presence Services. 

When the AES certificate is self-signed, you can use the AES certificate itself as the CA 
certificate. 
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Adding AES user handles for H.323 on System Manager 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. Click Users > User Management > Manage Users. 

The system displays the User Management page. 

3. Select the relevant user and click Edit. 

The system displays the User Profile Edit page. 

4. On the Communication Profile tab, in the Communication Address section, click 

New. 

5. From the Type drop-down box, select Avaya E.164. 

6. In the Fully Qualified Address: field, enter the handle and domain details. For 
example, in the Handle field, enter +35311230121. 

The system displays the value for the Domain field by default. 

7. Click Add. 

Traditional H.323 hard phones in a Avaya one-X® Communicator deployment do 
not work through SIP. Since the H.323 hard phones do not need SIP support in this 
solution, Session Manager is also not required. Therefore, the AES Collector 
collects the presence of H.323 hard phones and sends the presence to Presence 
Services. 


Related topics: 

Adding a presence profile for a user on page 50 

Adding a presence profile for a user 
About this task 

After adding an AES user handle to a user, you must assign a presence profile to the user. 

Procedure 

1. Click Users > User Management > Manage Users. 

The system displays the User Management page. 

2. Select the newly added user and click Edit. 

3. On the Communication Profile tab, select the Presence Profile check box. The 
system displays the Presence Profile fields. 

4. From the Primary PS Server SIP Entity drop-down box, select a system. 

5. From the Publish Presence with AES Collector drop-down box, select one of the 
following options: 
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• System Default. The default value that the system applies to all the users. 
The options for the System Default field is On or Off, which is applicable 
system-wide . If you set System Default to on, users publish presence 
information using AES Collector. If you set System Default to off, users cannot 
publish the presence information using AES Collector. 

• Off. If you set the value to Off, users cannot publish the presence information 
using AES Collector. 

• On. If you set the field to On, users publish the presence information using 
AES Collector. 

© Note: 

For a user, you can override the global System Default field value by changing 
the setting to On or Off. For example, if the System Default value is set to On, 
but you do not want a user to publish the presence information through AES 
Collector, set the Publish Presence with AES Collector field to Off. 

For more information about the Publish Presence with AES Collector field, see 
Setting the domain substitution rule on page 24. 

6. To save the changes, click Commit. 


AES Collector configuration reference 


Related topics: 

AES Collector Configuration basic parameters on page 51 
AES Collector Configuration advanced parameters on page 52 

AES Collector Configuration basic parameters 
Description 

This parameter figures in the Components area on the main page of Presence Services XCP 
Controller Web interface. It helps you distinguish between components of the same type when 
you have more than one configured components. You can change the description as 
needed. 


AES Collector component 

The properties in this section are specific to the AES Collector Component. 

Default AES Username 

The default user name that the collector uses when connecting to an AES. When Presence 
Services connects to an AES to monitor an endpoint, it uses this user name unless an Override 
by AES item has been created for the AES, in which case the user name supplied on the 
Override By AES page is used. 

Default AES Password 

The default password that the collector uses when connecting to an AES. When Presence 
Services connects to an AES to monitor an endpoint, it uses this password unless an Override 
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by AES item has been created for the AES, in which case the password supplied on the 
Override By AES page is used. 

AES Collector Configuration advanced parameters 
AES Collector Component 
Default Publish DND Status 

The DND or Do Not Disturb feature can be configured for endpoints on an Avaya 
Communication Manager the feature button within Communication Manager is called 
SendAIICalls. If an endpoint is configured so that it has the use of the SendAIICalls feature, 
its handset can have a SendAIICalls button that can be used to turn on and off the endpoint’s 
DND status. However, early versions of the AES (before 4.1) and Communication Manager 
(before 5.0) software are not able to dynamically transmit this information to Presence 
Services. Machines running these early versions of the AES/Communication Manager 
software transmita the SendAIICalls state of an endpoint just once when Presence Services 
first starts watching it. Later updates to the SendAIICalls state are not transmitted. An endpoint 
that had a basic status of closed when Presence Services first started watching it because its 
SendAIICalls state was on will retain this status for as long as Presence Services watches it, 
despite any later changes to the state of its SendAIICalls button. For this reason, the Default 
Publish DND Status must be set to No, if any of your servers runs AES software prior to 
version 4.1 or CM software that predates version 5.0. 

If Default Publish DND Status is set to No then no DND information will be published by 
Presence Servicesfor any endpoint whether SendAIICalls buttons are on or off. 

If the Default Publish DND Status is set to Yes and if an endpoint’s SendAIICalls button is 
on, Presence Services publishes a DND activity element for that endpoint and its basic status 
is set to closed. 

The Default Publish DND Status can be overriden for a particular AES/CM combination with 
an Override by Communication Manager item embedded in an Override by AES item. 

Add a new parameter override by AES 

The Parameter Override XCP web pages cannot be used to tell the collector which AES or 
Communication Manager (CM) hosts to connect to but influences how a connection to the 
indicated AES or AES/CM is made and managed. The Parameter Override By AES page can 
be used to change the user name/password used with a particular AES. 

€ Important: 

The IP Address field must match the Node field in System Manager. To verify the value: 

1. Log in to System Manager Web Console. 

2. On System Manager Dashboard, click Services > Inventory > Manage 
Elements. 

3. Select the AES element and then click Edit. 

4. Ensure that the value in the Node field matches with the IP Address field. 

The value for the Node or IP Address field is case sensitive, ensure that you enter the same 
value for both the fields. 

The Parameter Override By Communication Manager page can be used to prevent specific 
types of connections and control DND reporting for a specific AES/CM pair. For instance, 
prevent a Named Licensing connection to a host running AES 4.2.0. 
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Time (minutes) endpoint is on-hook until being declared Away 

AES Collector starts the Time (minutes) endpoint is on-hook until being declared Away timer 
when an endpoint goes on-hook. The unit of the timer is Minutes. The default value of the field 
is 0. You can set values between 0 and 1440 (equivalent of 24 hours). If you enterO, the system 
disables the Time (minutes) endpoint is on-hook until being declared Away timer. 

When the Time (minutes) endpoint is on-hook until being declared Away timer expires, the 
system changes the presence of the endpoint from available to away. 

Time (minutes) endpoint is Away until being declared Out Of Office 

AES Collector starts the Time (minutes) endpoint is Away until being declared Out Of Office 
timer when the endpoint goes off-hook. The unit of the timer is Minutes. The default value of 
the field is 0. You can set the values between 0 and 10080 (equivalent of 1 week). If you enter 
0, the system disables the Time (minutes) endpoint is Away until being declared Out Of Office 
timer. If the value of the Time (minutes) endpoint is on-hook until being declared Away timer 
is set to 0, the system disables the Time (minutes) endpoint is Away until being declared Out 
Of Office timer even if you enter a value greater than 0. 

When the Time (minutes) endpoint is Away until being declared Out Of Office timer expires, 
the system changes the presence of the endpoint to Out of Office. 


RTC Collector 

Adding a new RTC Collector 

About this task 

If you did not add a new RTC Collector at the time of installing Presence Services, you must 
add and configure a new RTC Collector. 

For more information, see RTC Collector. 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. In the Components area, select RTC Collector from the Add a new drop-down list, 
and click Go. 

3. Change the fields and then click Submit. 

For more information on changing the fields, see the Administering Avaya Aura® 
Presence Services guide. 

4. To check whether the RTC Collector is added, go back to the Presence Services 
XCP Controller Home page. 
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The system displays a new entry in the Components section. For example, rtc- 
collector-l.presence. 


Adding and configuring the RTC Collector 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view, in the Components area, select RTC 
Collector from the Add a new drop-down list, and click Go. 

3. Complete the following settings: 

a. MS RTC Collector Configuration: Select the MS RTC Collector 
Configuration check box. 

b. User Name: Enter the <RTC User Name> value. 

c. PS SIP Domain: The system displays the value for this field by default. 

d. Transport: The system displays the value for this field by default. 

O Note: 

Accept the default values for other fields. 

e. Define the next hop for a domain: Enter the <RTC SIP domain><PS IP 
address> 5 061 . 

f. Select the Define an optional external contact for SIP servers to use to 
contact the RTC Collector check box. 

g. In the External hostname that SIP servers will use for contact field, define 
an optional external hostname that SIP servers use to contact to the RTC 
Collector: Enter <PS FQDN>. 

h. In the External port that SIP servers will use for contact field, define an 
optional external port that SIP servers use to contact to the RTC Collector: Enter 

5061 . 

4. Click Submit to save the changes. 


Adding Microsoft OCS/Lync SIP user handles or RTC handles to System 
Manager 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management > Manage Users. 
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3. On the User Management page, select the relevant user and click Edit. 

4. On the User Profile Edit page, click the Communication Profile tab. 

5. On the Communication Profile page, click New in the Communication Address 
section. 

6. From the Type drop-down list box, select Microsoft OCS SIP. 

7. In the Fully Qualified Address: field, enter the handle and domain details. 

For example, in the Handle field, enter sip: handle and in the Domain field, enter 

ocsdomain.com. 

8. Click Add. 


SIP Proxy Configuration 

The SIP Proxy configuration must be changed if you have added, removed, or reconfigured 
the following: 

• the RTC Collector 

• the SIP Gateway for OCS 


SIP Proxy Transport field descriptions 

PS IP Address 

IP address of the Presence server. 

PS FQDN 

Fully Qualified Domain Name (FQDN) of the Presence server. 

Cm name 

The name of the OCS Connection Manager component as displayed on the Presence Services 
XCP Controller Web page without the Presence Services Realm. By default, this is cm-7 or 
cm-2. 

Bulksub name 

The name of the SIP Bulk Subscription Server component as displayed on the Presence 
Services XCP Controller Web page without the Presence Services Realm. By default, this is 
sip-bulksub-1. 

Ps name 

The name of the SIP Presence Server component as displayed on the Presence Services XCP 
Controller Web page without the Presence Services Realm. By default, this is sip-ps-1. 
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SIP Proxy remote host field descriptions 

PS IP Address 

IP address of the Presence server. 

PS FQDN 

Fully Qualified Domain Name (FQDN) of the Presence server. 

RTC SIP Edge 

The host name of the RTC Edge server. 

RTC SIP domain 

The SIP domain used by the RTC servers. 

OCS SIP edge 

The host name of the OCS Edge server. 

OCS SIP domain 

The SIP domain used by the OCS servers. 


SIP Proxy Routing Rules field description 

PS IP Address 

IP address of the Presence server. 

PS FQDN 

Fully Qualified Domain Name (FQDN) of the Presence server. 

Router service name 

The Presence Services Router Service Name. This is the domain name for the Presence 
Services server that was set at the time of installation. 

RTC SIP Edge 

The host name of the RTC Edge server. 

RTC SIP domain 

The SIP domain used by the RTC servers. 

RTC user federated user name 

Used to subscribe to RTC Presence. 

OCS SIP edge 

The host name of the OCS Edge server. 

OCS SIP domain 

The SIP domain used by the OCS servers. 

CM name 

The name that the AES associated with the parent override page uses to identify a CM. This 
field is required. If the collector needs to monitor an endpoint through a connection to this AES/ 
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CM combination, it will use the settings entered on the two override pages instead of the 
common settings entered on the AES Collector Configuration page. 

Bulksub name 

The name of the SIP Bulk Subscription Server component as displayed on the Presence 
Services XCP Controller Web page without the Presence Services Realm. By default, this is 
sip-bulksub-1. 

Ps name 

The name of the SIP Presence Server component as displayed on the Presence Services XCP 
Controller Web page without the Presence Services Realm. By default, this is sip-ps-1. 


RTC Collector configuration reference 


Related topics: 

RTC Collector Configuration basic parameters on page 57 
RTC Collector Configuration advanced parameters on page 57 

RTC Collector Configuration basic parameters 
User Name 

This is the user name. 

PS SIP domain 

The User Name and PS SIP Domain are combined. For example, : 
sip:AvayalPS@pres.tjs21.avaya.com, to create the URI of the user who SUBSCRIBES to 
MOC/Lync clients for the collector. The value of the User Name is not important, but Avaya 
recommends that you do not change the PS SIP Domain unnecessarily once it has been set 
at installation. 

Transport 

Enables you to define if the component is a gateway or transport. 

Expires 

The Expires setting determines the lifespan of a subscription as requested by the collector. 
The OCS host actually determines the lifespan of a subscription so this value is just a 
suggestion. 

Subscription failure retry 

Subscription failure retry determines how long the collector waits before trying to SUBSCRIBE 
to a MOC/Lync client after failing to SUBSCRIBE. 

Server failure retry 

Server failure retry determines how often the collector attempts to SUBSCRIBE to a random 
MOC/Lync client in a domain as a way of detecting if any SUBSCRIBES are possible. This 
affects only domains in which all attempts to SUBSCRIBE are timing out. 

RTC Collector Configuration advanced parameters 
Static routes 

Defines the next hop for a domain (domain next-hop nexthop- port). 
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The Presence Services installation uses the Static Routes edit box to configure the RTC 
Collector to send SUBSCRIBES to the SIP-PROXY. 


A Caution: 

Making changes to static routes or adding a static route after installation requires multiple 
changes to at least the SIP-PROXY and SIP/ SIMPLE gateway configurations. 

External hostname that SIP servers use for contact 

Defines an optional external contact for SIP servers to use to contact the RTC Collector. 

The contact settings are inserted into SUBSCRIBE requests and tell the OCS Edge where to 
send NOTIFYs. The Presence Services installation configures these fields to make the SIP- 
PROXY the receiver. The SIP-PROXY then routes NOTIFYs to the RTC Collector. 


A Caution: 

Do not modify unless required. 

External port that SIP servers will use for contact 

Defines an optional external contact for SIP servers to use to contact the RTC Collector. 

The contact settings are inserted into SUBSCRIBE requests and tell the OCS Edge where to 
send NOTIFYs. The Presence Services installation configures these fields to make the SIP- 
PROXY the receiver. The SIP-PROXY then routes NOTIFYs to the RTC Collector. 


A Caution: 

Do not modify unless required. 


OCS Gateway 


Introduction 

Overview - OCS/Lync integration 

Avaya Aura® Presence Services is a multiprotocol, multifunctional server providing presence 
and IM services to Avaya Aura® users. Presence Services collects and distributes the 
communication status of an Avaya Aura® user from the various communication endpoints 
connected on an enterprise network. Presence Services provides aggregation and 
composition services in its Event State Compositor (ESC) to create a composite presence 
document for an Avaya Aura® user. This composite presence document is available to any 
authorized subscribing enterprise user. A Presence server aggregates the presence for an 
Avaya Aura® user and obtains the presence of a user from the following sources: 

* PIDF presence published by Avaya Aura® clients using both SIP and XMPP. 

• Collected presence from an integrated enterprise system, for example, telephony 
presence through AES collection. 
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• Third-party presence integration such as Microsoft OCS/Lync collects presence. 

• Collection of an enterprise user Microsoft OCS/Lync presence that requires the 
deployment and enabling of the Presence Services RTC Collector component. The 
collection and aggregation of the Microsoft OCS/Lync presence of an Avaya Aura® user 
requires the deployment, and enabling of the Presence Services RTC Collector 
component. The RTC Collector component interacts with an OCS/Lync server through 
an Edge server and retrieves the Microsoft OCS/Lync presence of an Avaya Aura® 
user. 

Additionally, Presence Services provides IM capabilities to Avaya Aura® users. This capability 
is achieved using the XMPP protocol support within an Avaya Aura® client. Thus, all Avaya 
Aura® clients, which are enabled for IM use XMPP for managing their IM conversations. Avaya 
Aura® users can engage in IM conversations with each other through their Avaya Aura® clients. 
After enabling the OCS Gateway the scope of this interaction is extended. Thus, an Avaya 
Aura® user can engage in an IM conversation with another enterprise user, who is using 
Microsoft Office Communicator (MOC)/Lync clients for their IM communications. Thus, 
enabling the OSC Gateway within the installation of Presence Services installation supports: 

• Avaya Aura® users, using their Avaya Aura® clients, can IM the other enterprise user 
colleagues who are using Microsoft Office Communicator (MOC)/Lync clients. 

• Enterprise users, using MOC/Lync clients, can initiate an IM conversation with their 
enterprise colleagues who are usingAvaya Aura® clients. 

Additionally, an Enterprise user can obtain the overall presence availability of their Aura 
colleagues by adding the presence handle of an Avaya Aura® user to their buddy list. The 
MOC/Lync client displays the presence against the contact address of an Avaya Aura® user. 


O Note: 

You can enable RTC Collector and OCS Gateway during the Presence Services installation. 
But if you decide to enable RTC Collector and OCS Gateway after you have installed 
Presence Services, see the Integrating RTC Collector and Integrating OCS Gateway section 
in this document. 

The main purpose of integrating an OCS Gateway with Presence Services is to provide an IM 
interoperability and presence distribution from Presence Services to the OCS/Lync users. In 
the latter scenario, an Avaya Aura® user is added to buddy list of an MOC/Lync user, so that 
you can obtain an overall availability of an Avaya Aura® user. As a result, you have two buddies 
in your buddy list. This requires that a Presence server is configured as a federated IM provider 
in the deployment of an OCS/Lync Edge server. This federated interworking model requires 
the management of trust configuration between the two systems, and the setup of network 
configuration in the form of DNS records (SRV and Host A records). 

When you enable and deploy an OCS Gateway in a Presence Services installation, an 
enterprise user using an MOC/Lync client can engage in IM conversations with a colleague 
who is using an Avaya Aura® client. Additionally, the enterprise user using the MOC/Lync client 
can see an overall availability of an Avaya Aura® user, by adding the presence handle of an 
Aura user to their buddy list. 
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The Presence server and OCS/Lync integration architecture 

In the deployment of Presence Services, the following architectural components, integrated 
with OCS/Lync for the IM and presence information, are used: 

• RTC Collector 

• OCS Gateway 



MOCcM* 
uJ*f2@pK)«rno com 


In the figure that shows a sample deployment, the OCS server resides on the ipsdemo.com 
domain, Presence Services resides on the pres.ipsdemo.com domain, while the Avaya Aura® 
domain resides on glob.ipsdemo.com. Therefore, users provisioned in System Manager have 
a domain substitution rule. This substitution rule converts the user name, 
username@glob.ipsdemo.com, to a Presence Services user identifier, 
username@pres.ipsdemo.com, for provisioned users in System Manager. The FODN for 
Presence Services is ipsdemo-ipsl .ipsdemo.com, the external FODN for the OCS server is 
ipsdemo-winsrv1.glob.ipsdemo.com, and the FODN for the OCS Edge server is ipsdemo- 
winsrv2.glob.ipsdemo.com. This sample deployment is used as an example in this guide to 
show the configuration input. 

For more information on the domain substitution rule, see Implementing Avaya Aura® Presence 
Services. 

Within the Presence server, a number of server components provide RTC Collector and OCS 
Gateway services. 
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The figure that illustrates the component view shows the Presence Services RTC Collector 
component and the OCS Gateway component communicating with an OCS Edge server. The 
SIP requests from RTC Collector and OCS Gateway to the OCS Edge server are routed 
through the SIP Proxy of Presence Services and then through an OCS Edge server. 

The Presence Services integration with OCS/Lync is based on a federated interworking 
deployment between the two systems. You can administer Presence Services as a federated 
provider on the OCS/Lync environment that enables the exchange of IM and presence between 
the two systems. The main components from the Avaya Aura® perspective are: 

* Avaya Aura® clients. 

• Presence Services system that includes the RTC Collector component. 
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• The OCS Gateway component. 

• The SIP Proxy component. 

The main components involved from an OCS/Lync perspective are: 

• OCS/Lync Edge. 

• OCS/Lync server. 

• MOC/Lync clients. 

• DNS server. 

• Active Directory. 


Enabling and Configuring an RTC Collector 

Overview - The RTC Collector 

The RTC Collector component is part of the ESC functionality of Presence Services. The RTC 
Collector component is also an integral part of the aggregation and composition functionality 
within Presence Services. The main purpose of the RTC Collector is to collect and monitor the 
OCS presence and then feed the ESC of Presence Services for aggregation and composition. 
In doing so, the RTC Collector sends a SIP SUBSCRIBE for each Avaya Aura®user to the 
OCS/Lync server. This SIP SUBSCRIBE contains an RTC handle of an Avaya Aura® user as 
the target of the subscribe request, as specified in the request URI and in the To header field 
of the SIP request. To facilitate the subscription process, configure the RTC Collector with a 
system user. This system user is used as the subscribing user for the OCS/Lync subscription. 
The user name for this system user is specified in the RTC Collector configuration screen that 
you can gain access to through the XCP Controller Web interface. You can also specify the 
RTC system username during the installation of the Presence server when you select the RTC 
Collector.. 

You must provision the RTC handle associated with an Avaya Aura® user in System Manager 
to enable the RTC Collector to the presence of an OCS/Lync user. When the system 
administrator provisions the RTC handles in System Manager, the Avaya Aura® users are 
propagated to Presence Services by the replication service running on System Manager 
(DRS).The Presence subscriptions from the RTC Collector are subject to normal authorization 
control within the OCS/Lync domain. The OCS server must authorize the Presence 
subscriptions before the OCS/Lync server sends the presence of an MOC/Lync user to the 
RTC Collector. If this authorization is not in place, then either the RTC Collector receives an 
error response or the OCS/Lync server executes polite blocking. During polite blocking, a 
closed presence state is received. An enterprise user logged on the MOC/Lync client receives 
an authorization request for the user presence from the RTC Collector system user, for 
example, PSAdmin user, and the user must accept the request to allow the RTC Collector 
system user to receive their MOC/Lync presence. 

RTC Collector parameters 

When you are enabling the RTC Collector during the installation, then you must provide the 
following parameters: 
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• RTC Collector Username: The federated user name used to make a subscription for the 
OCS/Lync Presence of an Avaya Aura® user. Note that this appears on the RTC Collector 
configuration screen as the User Name configuration parameter, for example, PSAdmin. 
Referred to as the RTC System User. 

• RTC SIP Domain: The SIP Domain of the OCS/Lync server. This domain appears on the 
RTC Collector configuration screen in the Static Routes configuration parameter, for 
example, ipsdemo.com. 

• RTC Collector Port: A default value of 45061 is presented. Accept this value. 

• RTC Edge: The external FQDN of the OCS/Lync Edge server. 

You must also use the following parameters during the installation and configuration of an RTC 
Collector: 

• Router Service Name: Presence Services Router Service Name. This is the domain name 
associated with the Presence server that will be set at the time of installation. This name 
appears on the RTC Collector configuration screen as the Presence Services SIP Domain 
configuration parameter, for example, pres.ipsdemo.com. 

• Presence Services IP Address: The IP address of the Presence server. Note: The system 
displays the Presence Services IP address on the RTC Collector configuration screen in 
the Static Routes parameter, for example, 135.64.22.133. 

• Presence Services FQDN: The Fully Qualified Domain Name (FQDN) of the Presence 
server. 

O Note: 

The system displays the RTC Collector configuration screen as the external host name 
for a contact parameter, for example, ipsdemo-ipsl .ipsdemo.com. 

From these installation parameters, the system displays the following configuration parameters 
on the configuration screen of an RTC Collector: 

• User Name: PSAdmin 

• PS SIP Domain: pres.ipsdemo.com 

• Transport: tls 

• Port: 45061 

• Expires (seconds): 86400 

• Subscription Failure Retry: 3600 

• Server Failure Retry: 3600 

• Static Routes: ipsdemo.com 135.64.22.133 5061 

• External hostname that the server uses for contact: ipsdemo-ipsl.ipsdemo.com 

• External port that the server uses for contact: 5061 

The SIP Proxy plays an integral part in the processing of a SIP SUBSCRIBE that the system 
sends from the RTC Collector to an OCS/Lync server, and in the processing of a NOTIFY that 
the system sends from an OCS/Lync server to the RTC Collector system user. You must define 
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routing rules in the SIP Proxy, which routes SIP requests to their appropriate destination 
servers. The following two rules govern the flow of SIP requests to and from OCS/Lync: 

• The outbound SIP SUBSCRIBE requests from Presence Services to OCS/Lync rule: This 
rule specifies that if the To header is to the OCS/Lync domain and if the From header is 
from the Presence Services domain, that default SIP routing rules is applicable. 

• The inbound SIP NOTIFY request rule: This rule specifies that a SIP NOTIFY method 
with a To header containing the RTC Collector system user will route to the RTC 
Collector. 

• The default SIP routing rules: This rule determines the destination IP address of the 
destination server in the target domain. The SIP Host mapping in the Remote Host 
Configuration of the SIP PROXY assists in resolving the target domain for default SIP 
routing rule. A SIP Host mapping maps an OCS/Lync domain to the external FQDN of an 
OCS/Lync Edge server. 

€ Note: 

The external FQDN of the OCS/Lync Edger server must be resolvable and requires an 
entry in the /etc/hosts file. Ensure that the /etc/hosts file contains an IP address 
for the external FQDN of the OCS/Lync Edge server. 

RTC collector deployment checklist 


# 

Server 

Task 

✓ 

1 

Presence server 

Enable, deploy, and 
configure RTC Collector 
in the Presence server. 



Presence server 

Check that the Presence 
Services SIP Proxy 
routing rules and Host 
mapping configuration 
has been set for 
integration with OCS/ 
Lync. Check that LCS 
routing compatibility is 
set to Yes. 



OCS/Lync CA and 
OCS/Lync Edge 

Set the server 
authentication and client 
authentication properties 
when you generate a TLS 
certificate for the OCS/ 
Lync Edge server' 



OCS/Lync Edge 

Download the CA 
certificate that the system 
signs for the external 
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# 

Server 

Task 

✓ 



certificate of the Edge 
server. 



Presence server 

Copy the OCS/Lync 

Edge server CA 
certificate to Presence 
Services. 



OCS/Lync Edge and 
Presence server 

Add the CA certificate for 
the Edge server to 
Presence Services to the 
PS trust store. 



OCS/Lync Edge server 

Upload the Presence 
Services CA certificate to 
the OCS/Lync Edge 
server and add the 
Presence Services CA 
certificate to the trust 
store of the OCS/Lync 
Edge server. By default, 
the Presence Services 

CA certificate is usually 
the System Manager CA 
certificate. Use the 
Presence Services CA 
certificate to sign the 
Presence Services TLS 
certificate. 



Presence server 

Verify that the CA 
certificate that you 
downloaded exists in 
trust store, execute the 
prescert list command. 



OCS/Lync Edge and 
Presence server 

Verify the configuration 
status for both servers, 
check trust stores, and 
DNS configuration on the 
OCS/Lync Edge server. 



OCS/Lync Edge server 

Configure Presence 
Services as an IM 
provider on the Edge 
server. 



OCS/Lync Active 
Directory 

Configure OCS/Lync 
users and enable the 
OCS/Lync users for 
federated inter-working. 
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# 

Server 

Task 

✓ 


System Manager 

Add OCS/Lync handles 
for users onSystem 
Manager. 



RTC Collector configuration worksheet 

The following table outlines a set of parameters that you must know before enabling an RTC 
collector: 


Configuration parameter 
Name 

Parameter value 

Default value presented on the 
configuration screen 

User Name 



PS SIP Domain 1 


The service router name configured 
during the installation 

Transport 


TIs 

Port 


45061 

Expires 


86400 

Subscription Failure retry 


3600 

Server Failure retry 


3600 

Static Routes 2 


<OCS DomainxIP address of 
Presence Services><Port> 

SIP SUBSCRIBE Contact 
FCDN 3 


- 

SIP SUBSCRIBE Contact Port 


- 


Checklist for adding a new RTC Collector 

The system combines the RTC system user name and Presence Services SIP Domain to 
create the URI of a user who subscribes to an MOC/Lync client on behalf of the RTC Collector. 
The value of the user name is not important, but you must set the user name to a value that 


1 The system provides the Presence Services domain by default for this parameter. This equates to the Service Router 
Name that the system provides at the time of the Presence server installation. 

2 The static route configures the next hop destination for the SIP SUBSCRIBE. The next hop should be SIP Proxy. The 
system presents the IP address of Presence Services and the port 5061 by default for this parameter. The system 
administrator must complete this static route by preceding these two entry values with the OCS domain, for example, if 
the IP address of your Presence Services is 135.64.22.133 and the OCS domain is ipsdemo.com, then 135.64.22.133 
5061 appears in the static route. Complete the static route by adding ipsdemo.com before the IP address to give a 
configuration ofipsdemo.com 135.64.22.133 5061. 

3 Select the “Define an optional external contact for SIP server to contact the RTC Collector” check box and then fill in the 
two associated configuration parameters: External host name that SIP server uses for contact and External port that SIP 
server uses for contact, with the FQDN of the Presence server and the port 5061 respectively. These values set the Contact 
header in the SIP SUBSCRIBE, which uses as the request URI in the NOTIFY request sent by the OCS server. The 
objective is that the system uses Contact address as the NOTIFY R-URI by the OCS server. 
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identifies this instance of the RTC Collector. For example, PSAdmin. The OCS/Lync server 
will then receive subscription requests from sip:PSAdmin@<PS Domain>. 

Ensure that you know the values for the following parameters: 


Component 

Description 

✓ 

Router Service name 

Ensure that the Presence Services 
Router Services name is the domain 
name for the Presence server that was 
set at the time of installation. 


RTC User 

The defaulted federated user name 
used to subscribe to RTC Presence. 


RTC SIP Domain 

The SIP domain that the RTC servers 

use. 


Presence Services IP Address 

The IP address of the Presence 

server. 


Presence Services FODN 

The Fully Oualified Domain Name 
(FODN) of the Presence server. 



Adding and configuring the RTC Collector 
Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view, in the Components area, select RTC 

Collector from the Add a new drop-down list, and click Go. 

3. Complete the following settings: 

a. MS RTC Collector Configuration: Select the MS RTC Collector 
Configuration check box. 

b. User Name: Enter the <RTC User Name> value. 

c. PS SIP Domain: The system displays the value for this field by default. 

d. Transport: The system displays the value for this field by default. 

O Note: 

Accept the default values for other fields. 

e. Define the next hop for a domain: Enter the <RTC SIP domainxPS IP 
address> 5 061 . 

f. Select the Define an optional external contact for SIP servers to use to 
contact the RTC Collector check box. 

g. In the External hostname that SIP servers will use for contact field, define 
an optional external hostname that SIP servers use to contact to the RTC 
Collector: Enter <PS FQDN>. 
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h. In the External port that SIP servers will use for contact field, define an 
optional external port that SIP servers use to contact to the RTC Collector: Enter 

5061 . 

4. Click Submit to save the changes. 


Configuring the SIP Proxy routing rules for RTC Collector 

Add the routing rules in the SIP Proxy manually. You must configure the following rules: 

• Outbound SIP SUBSCRIBE to OCS 

• Inbound SIP NOTIFY from OCS 

C Note: 

The addition of routing rules is linear, that is, a new rule is added directly after the last rule 
is defined. You must take note of the last rule currently defined, which should be a default 
routing rule or catch all, which routes all remaining SIP requests, not covered by the 
preceding rules, to the SIP Presence server or SIP PS component. Once you record this 
rule, remove this rule. 

Record any rule that has been defined to route the SIP method "NOTIFY" to the default SIP 
routing. Once you have recorded the rule, remove it. 

Add the two new routing rules for the RTC Collector, and then add the recorded routing 
rule. 

Before you begin 

Ensure the following: 

• The Add Record-Route header field is set to No. 

• The Enable LCS Routing compatibility field is set to Yes. 

Also, consider the following possible scenarios: 

• RTC Collector is being enabled and deployed and the OCS Gateway is not enabled and 
deployed. 

• RTC Collector is being enabled and deployed and the OCS Gateway has been previously 
enabled and deployed. 

If the OCS Gateway has already been enabled before the RTC Collector, then a number 
of relevant routing rules for the RTC Collector will exist. 

Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP Proxy 
component. 
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3. On the SIP Proxy Configuration page, scroll down to the SIP Proxy Routing Rules 
section. 

4. Review the last routing rule, click details of the last routing rule table entry, and 
record the details of this rule. The system displays the Routing Rule Configuration 
page. 

O Note: 

This rule specifies the default rule or catch all rule routing SIP requests to SIP 
Presence Services. If the rule does not specify these details, there is a potential 
error in your proxy configuration. 


Related topics: 

Checking and recording a default routing rule on page 69 

Checking and recording a default routing rule 
Procedure 

1. In the Destination Routes section, the system selects the Use a specific 
destination for this rule check box by default. In the rule-destination text box, 
check the entry for rule destination. For example, sip-ps-1. If the system deploys 
more than one SIP Presence Services, then each of the SIP Presence Services will 
be listed in the destinations input box. 

2. Click Cancel and then click OK to return to the main configuration page for the SIP 
Proxy. 

3. On the last routing rule, click Remove to remove this rule. You can recreate this 
rule manually after the system adds the RTC Collector routing rules. 


Adding the RTC Collector routing rule 

While adding the RTC Collector routing rules, consider the following possible scenarios: 

• Adding RTC Collector when OCS Gateway is not enabled 

• Adding RTC Collector when OCS Gateway is enabled 

C Note: 

In each case, there is a rule to govern the outbound SIP requests (SUBSCRIBE) and the 
inbound SIP requests (NOTIFY). 

Related topics: 

Outbound SIP SUBSCRIBE routing rule on page 70 
Inbound SIP NOTIFY routing rule on page 70 
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Outbound SIP SUBSCRIBE routing rule 
About this task 

The outbound SUBSCRIBE is based on the To and From header field. The From header rule 

pattern has a domain specified as the Presence Services domain, for example, 

pres. ipsdemo.com. The To header rule pattern specifies the OCS/Lync domain, for example, 

ipsdemo.com. 

Procedure 

1. On the SIP Proxy Configuration page, scroll down to the SIP Proxy Routing Rules 
section, and click GO to add a new SIP PROXY Routing Rule. The system displays 
the SIP Proxy Routing Rule Configuration page. 

2. Select the To Hosts check box. 

3. In the input box, enter the OCS/Lync domain. For example, ipsdemo. com. 

4. Select the From Hosts check box. 

5. In the input box, enter the PS domain. For example, pres. ipsdemo. com. 

6. Add the routing destination for this rule. 

7. From the Destination Routes section, select use sip default routing rules. 

8. On the SIP Proxy Routing Rule Configuration page, click Submit to save the 
changes. 


Inbound SIP NOTIFY routing rule 
About this task 

This rule routes NOTIFY requests to the RTC Collector. This rule is based on recognizing the 
NOTIFY method and filtering on the To header field of this NOTIFY. The To header field will 
have the RTC Collector user as its target, for example, PSAdmin@pres.ipsdemo.com. 

Procedure 

1 . On the SIP Proxy Routing Rule Configuration page, select the SIP Methods check 
box. 

2. Select the SIP Method check box and enter notify. 

3. Set the Invert this selection field to No. 

4. Select the Header Rules check box. 

5. Set the All Headers Must Match? field to Yes. 

6. Click Go next to Add a New Header pair. 

7. On the Header Pair Configuration page, do the following: 

a. Set the Header Name field to To. 

b. In the Header Value field, enter the RTC User. 
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0 Note: 

This user is added as the User Name parameter in the RTC Collector 
configuration, for example, PSAdmin. 

8. On the Header Pair Configuration page, click Submit. 

9. On the SIP Proxy Routing Rule Configuration page, in the Destination Routes 
section, select Use a specific destination for this rule. 

rule-destination: rtc-collector 

0 Note: 

The rtc-collector is a routing tag, which is defined in the TLS transport 
configuration under the SIP Stack Configuration Parameters on the main SIP 
Proxy configuration page. 

10. Set the Choose destination based on to or from user field to To. 

11 . On the SIP Proxy Routing Rule Configuration page, click Submit to save the 
changes. 


Next steps 

You must recreate the recorded routing rule that you removed in the previous sections. If you 
have recorded the routing rule for the SIP method, NOTIFY, in the previous section, then you 
have to restore the rule first by adding a new SIP proxy routing rule with the recorded values. 
In all the cases, you have to recreate the recorded routing rule. To recreate the recorded routing 
rule, perform the following: 

1. On the SIP Proxy Configuration page, under the SIP Proxy Configuration section, 
click Go next to Add a new SIP Proxy Routing Rule. 

2. On the SIP Proxy Routing Rule Configuration page, under the Destination Routes 
section, select Use a specific destination for this rule. 

3. In the IDs of Specific Destinations text box, enter the same default value that you 
removed in the previous sections. By default, the value for the IDs of Specific 
Destinations field is set to sip-ps-l. 

4. From the Choose destination based on to or from user field, enter the same 
default value that you removed in the previous sections. By default, the value for 
the Choose destination based on to or from user field is set to to. 

5. To save the routing rule, click Submit. 

O Note: 

If a Presence Services installation enables multiple sip Presence Services components, then 
the original recorded routing rule will have multiple sip Presence Services entries. Therefore, 
in recreating the recorded routing rule, enter the sip PS component id for each sip PS into 

the IDs of Specific Destinations text box. 
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Adding a new Remote Host 
Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP Proxy 
component. 

The system displays the SIP Proxy Configuration page. 

3. Under the Remote Host Configuration section, select Local Configuration and 
then click Go next to Add a new SIP Host. 

The system displays the SIP Host Configuration page. 

4. UnderSIP Host, in the Remote server hostname text box, enterthe external FODN 
of the OCS/Lync Edge server. For example, edger2svext.eu.ocs2adsv.com. 

5. From the Server Type drop-down box, select ocs. 

6. In the Hostname Mapping text box, enter the OCS/Lync domain name. For 
example, ocsr2adsv.com. 

7. To save the changes, click Submit. 

The system take you to the SIP Proxy Configuration page. On the Remote Host 
Configuration section, under Local Configuration, the system displays the SIP Host 
entry that you recently created. 


Adding a new routing label for the RTC Collector 
Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP Proxy 
component. 

The system displays the SIP Proxy Configuration page. 

3. Under the SIP Stack Configuration Parameters section, click Details next to the 
existing transport entry. The existing transport entry must have a name similar to, 

sip-proxy-l tls-transport.presence. 

The system displays the TLS transport Configuration page. 

4. Under the Routes for this Transport section, click Go. 

The system displays the Route Configuration page. 

5. Enter the details for the following fields: 

• ID, enterthe ID. For example, rtc-coiiector. 

• IP address, enter the IP address. For example, 135 . 60 . 22 . 51 . 
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• Port, enter the port, 45061 . 

6. To save the changes, click Submit. 

© Note: 

The RTC Collector routing label that you just added here must correspond with 
the label specified for the RTC Collector inbound routing rule for SIP Proxy. 

The system takes you to the TLS transport Configuration page. 

7. On the TLS transport Configuration page, under Routes for this Transport, ensure 
that the new routes are present. 

8. On the SIP Proxy Configuration page, click the Submit to save the configured proxy 
rules that you have recently added. 


Next steps 

Enable trust management and DNS administration to setup a trust relationship between 
Presence Services and the RTC Collector. For more information on trust management and 
DNS administration, see the Trust Management and DNS Administration chapter. 


Integrating OCS Gateway 

Overview - OCS Gateway 

The main purpose of integrating an OCS Gateway with Presence Services is to provide an IM 
interoperability and presence distribution from Presence Services to the OCS/Lync users. In 
the latter scenario, an Avaya Aura® user is added to buddy list of an MOC/Lync user, so that 
the MOC/Lync user can obtain an overall availability of an Avaya Aura® user. This requires 
that a Presence server is configured as a federated IM provider in the deployment of an OCS/ 
Lync Edge server. This federated interworking model requires the management of trust 
configuration between the two systems, and the setup of network configuration in the form of 
DNS records (SRV and Host A records). 

When you enable and deploy an OCS Gateway in a Presence Services installation, an 
enterprise user using an MOC/Lync client can engage in IM conversations with a colleague 
who is using an Avaya Aura® client. Additionally, the enterprise user can also see an overall 
availability of an Avaya Aura® user, by adding an Aura presence handle to their buddy list. 

O Note: 

You cannot add an OCS/Lync contact directly to the contact list on an Aura client. In order 
to subscribe for the presence of an OCS/Lync user you must first add an OCS/Lync contact 
handle to the communication profile of an Aura user in System Manager. Then you add the 
Aura user as the contact. The addition of an OCS/Lync handle to an Aura user's 
communication profile handle set allows the RTC Collector to obtain and aggregate OCS/ 
Lync presence for the associated user. 


Administering Avaya Aura® Presence Services 


October 2013 73 



Configuring Presence Services components 


Also, please note that Presence Services does not support ACL=Confirm for Lync. 

Related topics: 

Inbound requests on page 74 
Outbound requests on page 74 

Inbound requests 

The inbound requests originate from the OCS/Lync and route through the OCS/Lync Edge 
server and the Presence Services SIP Proxy. The Presence Services SIP Proxy is instrumental 
in directing SIP requests from the OCS/Lync system to the OCS Gateway. You can achieve 
this through the routing rules defined in SIP Proxy. Inbound SIP requests are subject to routing 
rules, which are defined on the To and From headerfields of a SIP request. The inbound routing 
rules directs certain SIP requests originating from an OCS/Lync system to the OCS 
Gateway. 


Outbound requests 

The outbound requests are the SIP requests that the system initiates as a result of Avaya Aura® 
client initiated requests destined for an OCS/Lync enterprise user. These requests are 
processed by Presence Services and are routed internally through the OCS Gateway. In the 
current Presence Services implementation, these requests are XMPP requests that originates 
from an Aura client. 

For example, an Avaya Aura® enterprise user logged on a 1XC-H.323 or 1XC-SIP client can 
click on a user in their contact list and initiate an IM with that peer enterprise user. The 1XC 
clients then indicates that the target user has two IM addresses: an Avaya Aura® XMPP handle 
and an OCS/Lync handle. If the initiating user selects the OCS/Lync handle, then the Avaya 
Aura® client sends an XMPP IM message to Presence Services and then Presence Services 
routes this IM message internally through the OCS Gateway. This is because the system 
configures the OCS Gateway to handle communications with the OCS/Lync domain and the 
address used in the request contains the OCS/Lync domain. 

Outbound SIP requests route through a SIP Proxy of Presence Services, then to the OCS/ 
Lync Edge, and then into the OCS/Lync server. The SIP communication is based on a 
federated deployment of Presence Services with OCS/Lync. The configuration on OCS/Lync 
Edge is for federated inter-working. Therefore, you must configure Presence Services for 
federation as an IM provider on the OCS/Lync Edge server. 

Additionally, to establish TLS communications and achieve server authentication, it is 
necessary that the CA TLS/SSL certificate of the Certificate Authority, which signed the 
TLS/SSL certificates of Presence Services and OCS/Lync Edge, are imported into each of the 
trust stores on Presence Services and the OCS/Lync Edge respectively. With the appropriate 
Presence Server Host records and SRV records configured in the DNS service associated with 
the OCS/Lync Edge and the OCS/Lync server, you establish this trust relationship. 

Use the following domains as an illustration: 
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• The PS domain is pres.ipsdemo.com 

• The OCS/Lync domain is ipsdemo.com 

• The PS server FQDN is ipsdemo-ipsl .ipsdemo.com 

• The OCS/Lync Edge server external FQDN is ipsdemo-winsrv2.glob.ipsdemo.com 

• The OCS/Lync server is ipsdemo-winsrvl .glob.ipsdemo.com 

If you are enabling the OCS Gateway during installation, then you must know the appropriate 
values for the following parameters on the Presence server: 

• OCS/Lync Edge: The external FQDN of the OCS/Lync Edge server, for example, 
ipsdemo-winsrv2.glob.ipsdemo.com 

• OCS/Lync SIP domain: The OCS/Lync domain, for example, ipsdemo.com 

•OCS/Lync SIP Port: 65061 

These parameters set up the OCS Gateway configuration together with the default settings for 
non-solicited parameters. You can also use these parameters to configure the OCS Gateway 
routing rules in the SIP Proxy. 

The SIP Proxy plays an integral part in the processing of a SIP request that the system sends 
to the OCS/Lync server and in handling the SIP requests received from the OCS/Lync server 
to Presence Services. You must define routing rules in the SIP Proxy, which routes SIP 
requests to their appropriate destination servers. Two rules govern the flow of SIP requests to 
and from OCS/Lync: 

• The outbound SIP (SUBSCRIBE, INVITE, ACK, NOTIFY) requests from Presence 
Services to OCS/Lync have a rule which specifies that if the To header is set to the OCS/ 
Lync domain and if the From header is from the Presence Services domain, then you 
must apply the default SIP routing rule. 

• The inbound SIP (SUBSCRIBE, INVITE, ACK, NOTIFY) requests have a rule which 
specifies that if the To header contains the Presence Services domain and the From 
header contains the OCS/Lync domain, then the request is to be routed to the OCS 
Gateway. 

• The default SIP routing rules determine the destination IPS address of the target domain. 
This requires the configuring of a Host mapping in the Proxy. This Host mapping maps 
an OCS/Lync domain to the external FQDN of the OCS/Lync Edge server. The external 
FQDN of the OCS/Lync edge server must be resolvable and requires an entry in the /etc/ 
hosts file. 

OCS Gateway deployment checklist 

This checklist outlines the set of tasks that you must execute to deploy an OCS Gateway and 
provides cross references to sections of this guide, which provide details of the tasks. 
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# 

Server 

Task 

✓ 


Presence server 

Enable, deploy, and 
configure OCS Gateway 
in the Presence server 



Presence server 

Check that the PS SIP 
Proxy routing rules and 
Host mapping 
configuration has been 
set for integration with 
OCS/Lync. 



OCS/Lync CA and 
OCS/Lync Edge 

Generate an SSL 
certificate for use on the 
OCS/Lync Edge. This 
requires server 
authentication and client 
authentication properties 
to be set. 



OCS/Lync Edge 

Download the CA which 
signed the external 
certificate of the Edge 
server. 



Presence server 

Copy the OCS/Lync 

Edge server CA 
certificate to Presence 

server. 



OCS/Lync Edge and 
Presence server 

Add the CA for the Edge 
server to the Presence 
Services to the Presence 
Services trust store. 



Presence server 

Verify that the 
downloaded CA 
certificate exists in the 
trust store, execute 
prescert list command. 



Presence server 

Restart Presence 
Services to pick up the 
new trust store and 
configurations. 



OCS/Lync Active 
Directory 

Enable OCS/Lync users 
for federated inter¬ 
working. 



OCS/Lync Edge server 

Upload the Presence 
Services CA certificate to 
the OCS/Lync Edge 



76 Administering Avaya Aura® Presence Services 

Comments? infodev(d>.avava.com 


October 2013 

















Configuring Presence Components 


# 

Server 

Task 

✓ 



server and add the 
Presence Services CA 
certificate to the trust 
store of the OCS/Lync 
Edge server. By default, 
the Presence Services 

CA certificate is usually 
the System Manager CA 
certificate. Use the 
Presence Services CA 
certificate to sign the 
Presence Services TLS 
certificate. 



OCS/Lync Edge and 
Presence server 

Verify the configuration 
status for both Presence 
Services and OCS/Lync 
servers, check trust 
stores, and DNS 
configuration on OCS/ 
Lync Edge server. 



OCS/Lync Edge server 

Restart external services 
to apply the changes. 



System Manager 

Add OCS/Lync handles 
for users on System 
Manager. 



OCS Gateway configuration worksheet 

The OCS Gateway configuration worksheet identifies the set of configuration parameters that 
are when you enable an OCS Gateway. It is important that you know the values for the following 
parameters before starting the configuration process. 


Configuration 
parameter Name 

Parameter value 

Default valued presented on the 
configuration screen 

OCS Domain 



PS SIP Domain 4 


The service router name configured during 
installation, for example, 
pres.ipsdemo.com. 

Transport 


tls 

Port 5 




4 The Service Router Name solicited during the installation process is the Presence Services presence domain. 

5 The system provides a default port, 5061. You must change this port to a free port, typically to 65061. The convention for 
backend SIP servers is to use 5061 with an integer value from the set 1,2,3,4,5,6 prepended to create the port. Note that 
any value greater than 6 pushes the port value beyond the acceptable range of TCP ports. 
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Configuration 
parameter Name 

Parameter value 

Default valued presented on the 
configuration screen 

Expires 


86400 

Subscription Failure 
retry 


3600 

Server Failure retry 


3600 

PS IP address 



SIP Proxy Port 6 



PS server FQDN 



SIP SUBSCRIBE 
Contact Port 7 



TLS keystore full file 
path 8 



TLS trust store full file 
path 9 




Enabling OCS Gateway 

You can enable an OCS Gateway in the following scenarios: 

• During Presence Services installation 

• After Presence Services installation 

Related topics: 

Enabling OCS Gateway during installation on page 78 
Enabling OCS Gateway post installation on page 79 

Enabling OCS Gateway during installation 

When you select and enable an OCS Gateway at the time of installation, as a part of the 
installation process, the system requests the following configuration parameters: 

• OCS/Lync Edge: The external FQDN of the OCS/Lync Edge server, for example, 
ipsdemo-winsrv2.glob.ipsdemo.com. 

• OCS/Lync SIP Domain: The OCS/Lync domain. 

• OCS/Lync SIP Port: The TLS port used by the SIP stack. 

The system presents a default 65061 port number for the OCS/Lync SIP port. You can accept 
this value almost invariably. The installer enables the OCS Gateway and sets up its 

6 The SIP Proxy port is 5061. 

7 The contact port should be that of the SIP Proxy, that is 5061. 

8 Currently, TLS keystore full file path is /opt/Avaya/Presence/ jabber/xcp/certs/ 
generic.pem.jabber 

9 Currently, TLS trust store full file path is / opt/Avaya/Presnce/j abber/xcp/ certs/ 
generic.trusts 
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configuration. Additionally, the system configures SIP Proxy with routing route and host 
mappings for interacting with OCS/Lync. 


Enabling OCS Gateway post installation 
About this task 

The OCS Gateway provides IM and presence interoperability between a Presence Services 
installation and an OCS/Lync installation. You can achieve this by setting up a federated 
deployment between OCS/Lync and Presence Services. For this interoperability between the 
two systems, you must configure Presence Services as an IM provider on the OCS/Lync Edge 
server on OCS/Lync, and also ensure that the relevant DNS network configuration and trust 
management is in place. 

You can enable an OCS Gateway post installation through the XCP Controller Web 
interface. 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. In the Components area, select Connection Manager from the Add a new drop¬ 
down list, and click Go. The system displays the Connection Manager 
Configuration page. By default, the system displays a basic configuration view, but 
you must switch to the advanced configuration view. 

G Tip: 

On the Connection Manager Configuration page, under the Connection Manager 
section, you can rename the Description field to OCS Connection Manager 
for more clarity. 

3. Under the Command line to run section, change the text in the Command line to 
run text box to, exec /opt/Avaya/Presence/jabber/xcp/bin/sip_gw -h %i -m %m -n 
%n -p %p -P /opt/Avaya/Presence/jabber/xcp/var/run/jabberd/%n.pid. The OCS 
Gateway does not start, unless you make these changes. 

4. From the Add a New Command Processor drop-down box, select S2S Command 
Processor. 

5. Click GO. The system displays the S2S Command Processor Configuration page. 
The initial configuration settings on this page are the default settings for an XMPP 
S2S Gateway. You must remove parts of the default configuration and replace with 
SIP/Simple Gateway configuration. 

6. In the Director Configuration section, the system presents two default XMPP 
directors. Click Remove next to each default XMPP directors. 

7. To confirm the removal of the XMPP directors, on the Click 'OK' to confirm 
removal from the configuration dialog box, click OK for each of the XMPP 
directors. 
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8. On the S2S Command Processor Configuration page, under the Director 
Configuration section, from the Add a new drop-down box, select SIP/SIMPLE 
Gateway and then click Go. 

The system displays the SI P/Simple Gateway Configuration page. The system 
requires a number of configuration parameters for the SIP/Simple Gateway, which 
includes Remote Host Configuration, SIP Stack Configuration, and Outbound Proxy 
configuration. 


Next steps 

Configure OCS Gateway. 

Configuring OCS Gateway 

Overview - Configuring OCS 

The SIP/Simple gateway requires the configuration setting of a number of parameters under 
various categories, which includes SIP Host Configuration and SIP Stack Configuration. To 
add a SIP Host configuration, perform the following: 

• Configure a SIP TLS transport under the SIP Stack Configuration category 

• Set the Outbound Proxy 

• Modify a number of SIP request timeout parameters 

Configuring the SIP Remote Host Configuration parameters 
Procedure 

1. In the SIP/Simple Gateway Configuration page, scroll to the Remote Host 
Configuration section and select Local Configuration. 

2. Click GO to add a new SIP Host. The system displays the SIP Host Configuration 
page. This configuration defines a mapping between the OCS/Lync domain and the 
OCS/Lync Edge server. For the mapping, you need the following three parameters: 

• Remote server hostname 

• Server Type 

• Hostname mapping 

3. In the Remote server hostname field, enter the external FODN of the OCS/Lync 
Edge server. 

4. From the Server Type drop-down box, select ocs. 

5. On the Hostname Mappings section, in the Hostname(s) field, enter the OCS/Lync 
domain. For example, ipsdemo.com. 

6. To save the configuration, click Submit. The system returns to the SIP/Simple 
Gateway Configuration page. 
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Configuring the SIP Stack Configuration parameters for the OCS Gateway 
Procedure 

1. In the SIP Stack Configuration Parameters section, create and configure TLS 
transport. 

2. From the Add a new SIP Transport drop-down box, select TLS and click GO. 
The system displays the TLS transport Configuration page. This page provides 
network and TLS configuration parameters for the selected TLS transport. 

O Note: 

Ensure that the domain that you use for TLS certificate is the FQDN of Presence 
Services. The full path to the certificate file must be /opt/Avaya/Presence/ 
jabber/xcp/certs/generic.pem. jabber and the full path to the CA 
certificate file should be /opt/Avaya/Presence/jabber/xcp/certs/ 
generic.trusts. 

3. Accept the default values for the following configuration parameters: 

• Unique identifier for this transport 

• Hostname of external interface 

• IP address 

Q Note: 

The hostname for external interface is the PS domain name. 

4. In the Port field, change the value of the port from 5061 to 65061 . 

This is the port configured for the OCS Gateway. 

5. In the Use this transport by default for TLS requests field, use the default value 
Yes. 

6. In the Domain used for TLS certificate field, enter the FQDN of Presence 
Services. 

7. Use the following values: 

• The Full path to the certificate file: /opt/Avaya/Presence/j abber/xcp/ 
certs/generic.pem.j abber 

• Full path to the CA certificate: /opt/Avaya/Presence/jabber/xcp/ 
certs/generic.trusts 

8. In the Define an optional external contact for SIP servers to use to contact this 
transport section, enter the following two configuration parameters: 

• External hostname that SIP servers will use to contact: Enter the FQDN 
of Presence Services. 
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• External port that SIP servers will use for contact: Enter the SIP Proxy port 
5061. 

0 Note: 

Use these parameters are to set the Contact header of the outbound SIP 
requests. 

9. To save the configuration settings click Submit. 

The system displays the SIP/Simple Gateway page again. 

10. Configure Outbound Proxy. This forces outbound SIP requests through a next hop 
processing node. In this case, the next hop processing node is the Presence 
Services SIP Proxy, where you need to apply the outbound OCS/Lync routing 
rules. 

11 . Select the Outbound Proxy check box and enter the following parameters: 

• Proxy IP address: Presence Services IP address. 

• Proxy Port: 50 61 . 

• Proxy Transport: TLS 

12. In the list of configuration parameters, set the TLS connection strict checking of 
hostname and TLS connection strict certificate usage parameters value to No. 
Use the default values for the remaining parameters. 

The SIP/Simple Gateway Configuration provides parameters that define how TLS 
certificates are handled, for example, whether strict host name checking is applied 
or not. 

13. To save the SIP/Simple Gateway Configuration, click Submit. 

The system displays the S2S Command Processor Configuration page. On the S2S 
Command Processor Configuration page, the system displays an entry for 
cm-2_s2scp-l_sipsd-l .presence SIP/Simple Gateway component in the 
director configuration table. 

14. On the S2S Command Processor Configuration page, on the Outgoing Connection 
Attempt Rules page, the system displays three rules. These rules are applicable to 
the XMPP S2S directors and are not relevant for the OCS Gateway configuration. 
Therefore, you must remove the rules. 

15. In the table, for each of the existing rules, click Remove next to each rule to delete 
the rule. 

16. Create a new dummy rule, Outgoing Connection Attempt Rule. These dummy rules 
are a form of local SRV DNS lookup and are associated with built-in default rules 
within OCS Gateway. 

17. Prior to creating the dummy rule, take note of the SIP/Simple Gateway identifier. 
Typically, this is cm-2_s2scp-i_sipsd-i, and you can obtain the value from the 
director table at the top of this configuration page. 

18. To create a dummy rule, click GO. 


82 Administering Avaya Aura® Presence Services 

Comments? infodevt&avava.com 


October 2013 



Configuring Presence Components 


The system displays the Rule Configuration page. 

19. For example, enter the following: 

• Director ID: cm-2_s2scp-1_sipsd-1. This is the SIP/Simple Gateway 
component identifier. 

• DNS SRV lookup to use: abcdef. 

• Port to use instead of DNS SRV lookup: Leave this field blank. 

20. To save this rule configuration, click Submit. 

The system returns to the S2S Command Processor Configuration page. 

21. On the S2S Command Processor Configuration page, click Submit to save all 
configuration inputs. 

The system displays the Connection Manager Configuration page. 

22. On the Connection Manager Configuration page, the system displays a command 
process cm-2_s2scp-l .presence in the command processor table. As a final 
part of the configuration, enable logging. 

23. To enable logging, scroll to Component Logging, and select the Component 
Logging check box. 

24. Select the Logger check box and then select the Filtered Syslog Logger check 
box. 

25. Linder the Pipe Level Filter section, accept the default Level at WARNING, and in 
the Pipe file text box, enter the path /opt/Avaya/Presence/ 

j abber/xcp/var/log/ocs-cm.pipe. 

This file is used to dynamically adjust the logging level of the OCS Gateway through 
the /opt/Avaya/Presence/ jabber/xcp/bin/updateLogLevel. sh script. 

26. Linder the File Settings section, in the Name and location field, enter the name and 
location, for example, /var/log/presence/ocsgateway. log. 

27. Linder the Syslog Settings section, in the Identity text box, enter OCS-CM. 

28. Click Submit. The system creates a Connection Manager component containing 
the OCS Gateway. 

The system now displays the XCP Controller main page. The system adds an 
additional connection manager component to the component list. 


Next steps 

To complete the OCS Gateway setup and integration with OCS/Lync, it is necessary to 
complete the trust management and DNS administration procedures. For more information, 
see the Trust management and DNS Administration section. 

Configuring the OCS Gateway Hostname Filter: Open Port component configuration 
About this task 

You must configure the OCS Gateway in such a way that any presence packets or IM 
messages destined for the OCS/Lync domain can be routed internally within the Presence 
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Services through the OCS Gateway. For this, you must create an Open Port component that 
specifies that the OCS Gateway handles packets and message requests destined for the OCS/ 
Lync domain. 

Procedure 

1. Log in to the XCP Controller Web interface. 

2. On the XCP Controller Configuration page, from the Component drop-down box, 
select Open Port. 

3. Click GO. The system displays a pop-up menu, where the system asks you to enter 
the user input for the name of a component associated with the Open Port 
component that you want to create. 

4. In the enter ID of open port component field, enter the name of the S2SCP which 
was created while enabling the OCS Gateway. For example, if the name of the 
Connection Manager was cm-2 and the S2SCP is cm-2_s2scp-1, then enter 
cm-2_s2scp-l as the component ID for the Open Port component. 

C Note: 

Ensure that you use the same S2SCP component name, created during the 
configuration for the OCS Gateway, for the Open Port component name. Also, 
you must not include “.presence” in the Open port component name. 

5. Click OK. The system displays the OpenPort Configuration page. 

6. On the Hostname for this Component section, in the Host Filter Host(s) field, enter 
the OCS/Lync domain, for example, ipsdemo. com. 

7. To save the configuration, click Submit. This configuration is the only configuration 
required for the Open Port. 

The main objective of OpenPort configuration is to associate the OCS/Lync domain 
with the OCS Gateway. This allows any presence packets or IM messages to route 
internally within Presence Services to the OCS Gateway. The OCS Gateway then 
converts any presence packets or IM messages to SIP requests. The OCS Gateway 
then sends these SIP requests to the OCS/Lync server through the SIP Proxy and 
OCS/Lync Edge server. 


Configuring SIP Proxy routing rules for OCS Gateway 

You must add the SIP Proxy routing rules manually only after enabling the OCS SIP Gateway. 
Configure the following rules: 

• Outbound SIP requests to OCS 

• Inbound SIP requests from OCS 

C Note: 

Note that the addition of routing rules is linear, that is, the system adds a new rule after the 
last current rule is defined. The last current rule should be a default routing rule or catch all, 
which routes all remaining SIP requests, not covered by the preceding rules, to the SIP 
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Presence Services. Record the details of the last current rule, after recording the details, 
remove the rule. It is important that you create the last current rule again after the OCS 
Gateway routing rules are created. Add the two new routing rules for the OCS Gateway. 
This addition should be followed by the readdition of the default or catch all rule to route SIP 
requests to the SIP Presence Services. 

Before you begin 

Check that the following configuration parameters are set to the values indicated: 

• The Add Record-Route header field is set to No. 

• The Enable LCS Routing compatibility field is set to Yes. 

O Note: 

To check the Add Record-Route header field and Enable LCS Routing compatibility field, 
see the SIP Proxy settings. 

About this task 

Also, consider the following possible scenarios: 

• OCS Gateway is enabled and deployed and the RTC Collector is not enabled and 
deployed. 

• OCS Gateway is being enabled and deployed and the RTC Collector has been previously 
enabled and deployed. 

Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP proxy 
component. 

3. On the SIP Proxy Configuration page, scroll down to the SIP Proxy Routing Rules 
section. Review the last routing rule by clicking details of the last routing rule table 
entry, and record the details of this rule. The system displays the Routing Rule 
Configuration page. This rule specifies the default or catch all rule routing SIP 
requests to the SIP Presence server component. If not, then there is a potential 
error in your proxy configuration. The default routing rule reads as follows: In the 
Destination Routes section, a use a specific destination for this rule configuration 
will be set with a routing tag sip-ps-1. If the system deploys more than one SIP 
Presence server component, then each of these SIP Presence Services is also 
listed. 

4. Click Cancel and OK to return to the main configuration page for the SIP Proxy. 

5. To remove the last routing rule, click Remove. 


OCS Gateway routing rule 

When you add the OCS Gateway routing rules, consider the following possible scenarios: 
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• Scenario 1: Adding OCS Gateway routing rule without RTC Collector enabled 

• Scenario 2: Adding OCS Gateway routing rule with RTC Collector enabled and deployed 

In each case, there is a rule to govern the outbound SIP requests (SUBSCRIBE, INVITE, ACK, 
NOTIFY) and the inbound SIP requests (SUBSCRIBE, INVITE, ACK, NOTIFY). These rules 
are based on the domains in the To and From headers, such that outbound SIP requests are 
destined To a user at the OCS domain and will come From a user in the Presence Services 
domain. For the inbound requests, the system originates these requests From a user in the 
OCS domain and routes To a user in the Presence Services domain. 

Related topics: 

Adding a new Remote Host on page 72 

Inbound SIP requests routing rule on page 86 

Outbound SIP requests routing rule on page 87 

Adding a new routing label for the OCS Gateway on page 88 

Inbound SIP requests routing rule 
About this task 

The inbound SIP requests rule is based on the To and From header field. The From header 
rule pattern specifies the domain as the OCS/Lync domain, for example, ipsdemo.com. The 
To header rule pattern specifies the Presence Services domain, for example, 
pres.ipsdemo.com. 

Procedure 

1. On the SIP Proxy Configuration page, scroll down to the SIP Proxy Routing Rules 
section. Click GO to add a new SIP PROXY Routing Rule. The system displays a 
SIP Proxy Routing Rule Configuration page. 

2. On the SIP Proxy Routing Rule Configuration page, select the To Hosts check 
box. 

3. Enter the Presence Services domain, for example, pres.ipsdemo.com. 

4. Select the From Hosts check box. 

5. Enter the OCS/Lync domain, for example, ipsdemo.com. 

6. On the SIP Proxy Routing Rule Configuration page, select Use a specific 
destination for this rule. 

7. Enter the following: 

• rule-destination: ocs-gw 

O Note: 

The ocs-gw is a routing tag. Define this tag in the TLS transport configuration 
under the SIP Stack Configuration Parameters on the main SIP Proxy 
configuration page. Additionally, if you enable the OCS Gateway during 
installation, then the system selects the routing tag as cm2-s2scp-1. This 
label serves the same purpose as the ocs-gw label. The ocs-gw label is an 
internal routing label which identifies the network configuration parameters 
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used by the OCS Gateway process, that is, the OCS Gateway IP address 
and port. 

• Select destination based on to or from user: to 

8. On the SIP Proxy Routing Rule Configuration page, click Submit to save the 
changes. 


Outbound SIP requests routing rule 
About this task 

The outbound SIP requests rule is based on the To and From header field. The From header 
rule pattern specifies the domain as the Presence Services domain, for example, 
pres.ipsdemo.com. The To header rule pattern specifies the OCS/Lync domain, for example, 
ipsdemo.com. 

O Note: 

The outbound routing rule should already exist if you have enabled the RTC Collector prior 
to enabling an OCS Gateway. 

Procedure 

1. On the SIP Proxy Routing Rule Configuration page, select the To Hosts check 
box. 

2. Enter the OCS/Lync domain, for example, ipsdemo. com. 

3. Select the From Hosts check box. 

4. Enter the Presence Services domain, for example, pres.ipsdemo.com. Then add 
the routing destination for this rule. 

5. In the Destination Routes section, select use sip default routing rules. 

6. On the SIP Proxy Routing Rule Configuration page, click Submit to save the 
changes. 


Next steps 

You must recreate the default routing rule that you removed in the previous sections. To 
recreate the default routing rule, perform the following: 

1. On the SIP Proxy Configuration page, under the SIP Proxy Configuration section, 
click Go next to Add a new SIP Proxy Routing Rule. 

2. On the SIP Proxy Routing Rule Configuration page, under the Destination Routes 
section, select Use a specific destination for this rule. 

3. In the IDs of Specific Destinations text box, enter sip-ps-l. 
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4. From the Choose destination based on to or from user drop-down box, select 

from. 

5. To save the routing rule, click Submit. 

O Note: 

If a Presence Services installation enables multiple sip Presence Services components, then 
the original default routing rule will have multiple sip Presence Services entries. Therefore, 
in recreating the default routing rule, enter the sip PS component id for each sip PS into the 

IDs of Specific Destinations text box. 

Adding a new Remote Host 
Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP Proxy 
component. 

The system displays the SIP Proxy Configuration page. 

3. Under the Remote Host Configuration section, select Local Configuration and 
then click Go next to Add a new SIP Host. 

The system displays the SIP Host Configuration page. 

4. Under SIP Host, in the Remote server hostname text box, enter the external FQDN 
of the OCS/Lync Edge server. For example, edger2svext.eu.ocs2adsv.com. 

5. From the Server Type drop-down box, select ocs. 

6. In the Hostname Mapping text box, enter the OCS/Lync domain name. For 
example, ocsr2adsv.com. 

7. To save the changes, click Submit. 

The system take you to the SIP Proxy Configuration page. On the Remote Host 
Configuration section, under Local Configuration, the system displays the SIP Host 
entry that you recently created. 


Adding a new routing label for the OCS Gateway 
Procedure 

1 . On the Presence Services XCP Controller home page, select the Advanced 
configuration view. 

2. In the Components area, click Edit in the Actions column next to the SIP Proxy 
component. 

The system displays the SIP Proxy Configuration page. 
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3. Under the SIP Stack Configuration Parameters section, click Details next to the 
already added TLS transport. 

The system displays the TLS transport Configuration page. 

4. Under the Routes for this Transport section, click Go. 

The system displays the Route Configuration page. 

5. Enter the details for the following fields: 

• ID, enter the ID. For example, ocs-gw. 

• IP address, enter the IP address. For example, 135.60.22.51. 

• Port, enter the port, 65061. 

6. To save the changes, click Submit. 

O Note: 

The OCS Gateway routing label that you just added here must correspond with 
inbound routing rule for SIP Proxy, as specified perviously. 

The system takes you to the TLS transport Configuration page. 

7. On the TLS transport Configuration page, under Routes for this Transport, ensure 
that the new routes are present. 

8. To save all the newly added SIP Proxy configuration, click Submit. 


Next steps 

Enable trust management and DNS administration to setup a trust relationship between 
Presence Services and the OCS Gateway. For more information on trust management and 
DNS administration, see the Trust Management and DNS Administration chapter. 


Trust Management and DNS Administration 

Overview - Presence Services and OCS Gateway connection 

By default, the Edge server external interface uses a server certificate. To enable 
communication with the OCS Gateway, you must generate a server SSL certificate to act as 
both the Client certificate and the Server certificate. To verify the certificate in use by the OCS/ 
Lync Edge server external interface, use the OCS/Lync Edge server properties. For more 
information on verification, see the OCS 2007 R2 Edge Server Deployment Guide at: http:// 
www.microsoft.com/download/en/details.aspx?id=24402 . 

To verify the certificate in use by the Lync Edge server external interface, use the Lync Edge 
server properties. For more information on verification, see the Microsoft Lync Server 2010 
Edge server Guide at: http://www.microsoft.com/en-us/download/details.aspx?id=11379 . 
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Checking the certificate used by external interface on server 
About this task 

By default, the Edge server external interface uses a server certificate. To enable 
communication with the OCS Gateway, you must configure this server certificate to act as both 
a Client certificate and Server certificate. 

Procedure 

To verify the certificate in use by the Edge server external interface, use the Edge 
server properties. For more information on verification, refer the OCS 2007 R2 Edge 
Server Deployment Guide at: http://www.microsoft.com/download/en/details.aspx? 
id=24402. 


Generating and importing certificate for OCS 

Generating a certificate with server and client authentication 
About this task 

The certificate that the Edge server external interface uses must have server and client 
authentication. If not, generate a certificate with server and client authentication and assign 
the certificate to the Edge server external interface. 

To create a certificate for external interface using Microsoft Certificate Authority (CA) in a 
Windows 2003 Enterprise Edition Server running a standalone Microsoft Enterprise CA: 

C Note: 

The procedure may vary depending on the configuration and setup of your Microsoft CA. 

Procedure 

1. Log on to the Web enrollment page of Certificate Authority at: http: / / 

<CA Machine>/ certsrv/. 

2. On the Web enrollment page, click Certificate > Advanced Certificate Request. 

3. On the Advanced Certificate Request dialog box, enter the following details: 

a. Select Other from the drop-down menu. 

b. In the OID text field, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2. 
Separate the two OIDs by a comma but do not add a space. 

c. Click the Store certificate in the local computer certificate store check 
box. 

Leave all other details as is. 

d. Click Submit. 

4. On the Certificate server perform the following: 

a. To open the mmc of the CertificateAuthority, type mmc in the Run dialog box, 
and click Ok. 

b. Right-click Pending Requests. 
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The system displays the certificate request from the Edge server, 
c. Right-click on the certificate request based on request ID, and click All Tasks 
> Issues. 

5. On the client computer, perform the following: 

a. To open the Web enrollment page, click Certificate > Advanced Certificate 
Request. 

b. Click View the status of a pending certificate request. 

c. Click the certificate and save the certificate to use as the Certificate for the 
External Interface on the Edge server. 


Importing the System Manager default CA certificate into the OCS Edge Trust 
Store 

Procedure 

1. Log in to System Manager Web Console. 

2. Click Security > Certificates > Authority. 

3. Click Download pem file. Save the pern file with an appropriate name, for example, 
default-cacert.pem and upload to the OCS Edge server. 

4. Copy the System Manager CA certificate to the OCS Edge server. 

5. On the OCS Edge, run the management console, click Start > Run. 

6. In the Run dialog box, enter mmc , and click OK. 

7. On MMC Console, select File > Add/Remove Snap-in to launch the Add/Remove 
Snap-in wizard. 

8. In the Add/Remove Snap-in dialog box, click Add. 

9. On the Standalone tab, click Add. 

10. In the Add Standalone Snap-in dialog box, select Certificates and then click 
Add. 

11. In the Certificates Snap-in dialog box, select Computer Account and click 
Next. 

12. In the Select Computer dialog box, select the default setting Local Computer and 
click Finish. 

13. In the Add Standalone Snap-in dialog box, click Close. And then in the Add/ 
Remove Snap-in dialog box, click OK. 

The system takes you to the MMC Console. 

14. Click Console Root, select Certificates > Trusted Root Certification 
Authorities. 

15. Select Trusted Root Certification Authorities, right-click Certificates and select 
All Tasks > Import. 
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The system launches the Certificate Import Wizard. Follow the steps of the wizard 
and browse for the default-cacert .pem file. 

16. On the Certificate Import Wizard screen, click Next. 

17. In the Open dialog box, click Browse to locate the file and then click Next. 

18. Retain the default settings and then click Next. 

19. Click Finish to complete the Certificates Import Wizard. 

20. Verify the Certificate is in the Certificates/Trusted Root Certification 
Authorities/ Certificates list. 

a. Right-click Certificates and select Refresh to update the certificates list. 

The system might display the certificate as the default setting. 

b. Verify that the serial number and the expiry date of the System Manager 
certificate match the serial number and the expiratory date of the new default 
certificate that appears in the certificate list on the Edge server. 

c. To determine the serial number and expiry date of the System Manager 
certificate, enter the following command on the Presence server: openssl 
x509 -in $PRES HOME/jabber/xcp/certs/default-cacert.pem - 
noout -text. 

The details of this certificate must match the default certificate added to Edge 
server. 

d. To determine if the certificate was added, double-click the certificate in the list 
of certificates. 

If the system does not display a default certificate, then the Presence Services 
CA Certificate has not been added to the OCS Edge server's Trusted Root 
Certificates. 

C Note: 

The default-cacert.pem is the name given to the System Manager CA certificate 
when the system downloads the from the System Manager security management 
page. 


Generating and importing certificate for Lync 

Generating a Web server certificate with server and client authentication 
About this task 

The certificate that the Edge server external interface uses must have server and client 
authentication. If not, generate a certificate with server and client authentication and assign 
the certificate to the Edge server external interface. 

To create a certificate for external interface using Microsoft Certificate Authority (CA) in a 
Windows 2008 Enterprise Edition Server running a standalone Microsoft Enterprise CA: 

C Note: 

The procedure may vary depending on the configuration and setup of your Microsoft CA. 
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Procedure 

1 . Expand Console Root and click Certificate Templates. The system displays a list 
of template display names. 


Console 1 - [Console Root\Certificate Templates (soalabb!87.ace 


File Action View Favgrites Window Help 




Console Root 

^1 


Certificate Templates (soalabb!87.ace 


if 

33 


Template Display Name 


3 Administrator 
5) Authenticated Session 
3 Basic EFS 
5] CA Exchange 
3 CEP Encryption 
3 Code Signing 
3 Computer 
3 Copy 2 of Web Server 
3 Copy 3 of Web Server 


2. From the Template Display Name list, right-click Web Server and then click 

Duplicate Template. 
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P 4 Console 1 | Console Root '.Certificate Templates (soolobbl87.acca4jra.avaya.com)| 

£) Fie Action View Favortes Window 

Help 



I 

O * 1 »l|slEI 1^ IDS 1 

_11 Console Root 

template Cisplay Name 

| Minimum Supported CAs 

| Veroon | 

Intended Purposes 

jL Certificate Templates (soetabb 187, aceaur 

5] Admnistrator 

Wndows 2000 

4.1 

A 


3 Authenticated Session 

Wndows 2000 

3.1 



31 Basic EF5 

Windows 2000 

3.1 

i 


3 ) CA Exchange 

Windows Server 2003 Ent.. 

106.0 

Private Key Archival A 


31 CEP Encryption 

Wrdows 2000 

4.1 

1 


31 Code Slgnng 

Wndows 2000 

3.1 



31 Computer 

Wndows 2000 

5.1 



31 Copy 2 of Web Server 

Windows Server 2008 Ent... 

100.2 

Server Authentication, Clent Authentication 


31 Copy 3 of Web Server 

Windows Server 2008 Ent... 

100.2 

Server Authentication, Clent Authentication 


31 Copy 4 of Web Server 

Windows Server 2008 Ent... 

100.2 

Server Authentication, Clent Authentication 


31 Copy of Web Server 

Wndows Server 2008 Ent... 

100.2 

Server Authentication, Clent Authentication ; 


31 Cross Certificabon Authority 

Wndows Server 2003 Ent... 

105.0 



31 Directory Emai Replication 

Wndows Server 2003 Ent... 

115.0 

Directory Service Emad Replcation 


31 Domain Controller 

Windows 2000 

4.1 



31 Domain Controller Authentication 

Windows Server 2003Ent... 

110.0 

Clent Authentication, Server Authentication, 5m 


31 EPS Recovery Agent 

Wndows 2000 

6.1 



31 Enrollment Agent 

Wndows 2000 

4.1 



31 Errdlment Agent (Computer) 

Wndows 2000 

5.1 

i 


3 Exchange Enrofcnent Agent (Offline request) 

Windows 2000 

4.1 



31 Exchange 5ignatvre Only 

Windows 2000 

6.1 

. 


31 Exchange User 

Windows 2000 

7.1 



3 IPSec 

Wndows 2000 

8.1 



3 IPSec (Offlne request) 

Wndows 2000 

7.1 



3 Kerberos Authentication 

Wndows Server 2003 Ent... 

110.0 

Clent Authentication, Server Authentication, Sm. 1 


31 Key Recovery Agent 

Windows Server 2003 Ent... 

105.0 

Key Recovery Agertt 


31 OC5P Response Signing 

wndows Server 2008 Ent... 

101.0 

OCSPSgnhg 


31 RAS and IAS Server 

Wndows Server 2003 Ent... 

101.0 

Clent Authentication, Server Authentication ( 


3 Root Certfication Authority 

Wndows 2000 

5.1 



3 Router (Offlne request) 

Windows 2000 

4.1 



51 Smartcard Logon 

Windows 2000 

6.1 



31 Smartcard User 

Windows 2000 

11.1 



3 Subordinate Certification Authority 

Windows 2000 

5.1 

■ 


3 Trust Ust Signing 

Wndows 2000 

3.1 



3 User 

Wndows 2000 

3.1 



31 User Signature Only 

Wndows 2000 

4.1 




Windows 2000 

4.1 

IL 


13^ AndCtent ^ 

Windows Server 2008 Ent.. 

100.2 

Server Authentication, Clent Authentication 1 4 


The system displays the Duplicate Template dialog box. 

3. On the Duplicate Template dialog box, select the Windows Server 2008, 
Enterprise Edition option. 



The system displays the Properties of New Template dialog box. 

4. In the Properties of New Template dialog box, on the General tab, in the Template 
display name and Template name field, enter a display name for the template. 
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© Note: 

You must use the default entry for the Template name field. 

5. On the Extensions tab, underthe Extensions included in this template list, select 
Application Policies, and then click Edit. 
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The system displays the Edit Application Policies Extension dialog box. 
6. On the Edit Application Policies Extension dialog box, click Add. 
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The system displays the Add Application Policy dialog box. 

7. On the Add Application Policy dialog box, from the Application policies list, select 

Client Authentication, and then click OK. 
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8. Click Apply, and then click OK. 


Next steps 

Verify the newly added duplicate Web server certificate in the Certificate Templates 
list. 
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Importing the System Manager default CA certificate into the Lync Edge Trust 
Store 

Procedure 

1 . Log in to System Manager Web Console. 

2. Click Security > Certificates > Authority. 

3. Click Download pem file. Save the pern file with an appropriate name, for example, 
default-cacert.pem and upload to the Lync Edge server. 

4. Copy the System Manager CA certificate to the Lync Edge server. 

5. On the Lync Edge, run the management console, click Start > Run. 

6. In the Run dialog box, enter mmc , and click OK. 

7. On MMC Console, select File > Add/Remove Snap-in to launch the Add/Remove 
Snap-in wizard. 

8. In the Add/Remove Snap-in dialog box, click Add. 

9. On the Standalone tab, click Add. 

10. In the Add Standalone Snap-in dialog box, select Certificates and then click 
Add. 

11. In the Certificates Snap-in dialog box, select Computer Account and click 
Next. 
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12. In the Select Computer dialog box, select the default setting Local Computer and 
click Finish. 

13. In the Add Standalone Snap-in dialog box, click Close. And then in the Add/ 
Remove Snap-in dialog box, click OK. 

The system takes you to the MMC Console. 

14. Click Console Root, select Certificates > Trusted Root Certification 
Authorities. 

15. Select Trusted Root Certification Authorities, right-click Certificates and select 
All Tasks > Import. 

The system opens the Certificate Import Wizard. Follow the steps of the wizard and 
browse for the def ault-cacert. pem file. 

16. On the Certificate Import Wizard screen, click Next. 

17. In the Open dialog box, click Browse to locate the file and then click Next. 

18. Retain the default settings and then click Next. 

19. Click Finish to complete the Certificates Import Wizard. 

20. Verify the Certificate is in the Certificates/Trusted Root Certification 
Authorities/ Certificates list. 

a. Right-click Certificates and select Refresh to update the certificates list. 

The system might display the certificate as the default setting. 

b. Verify that the serial number and the expiry date of the System Manager 
certificate match the serial number and the expiratory date of the new default 
certificate that appears in the certificate list on the Edge server. 

c. To determine the serial number and expiry date of the System Manager 
certificate, enter the following command on the Presence server: openssl 
x509 -in $PRES HOME/jabber/xcp/certs/default-cacert.pem - 
noout -text. 

The details of this certificate must match the default certificate added to Edge 
server. 

d. To determine if the certificate was added, double-click the certificate in the list 
of certificates. 

If the system does not display a default certificate, then the Presence Services 
CA Certificate has not been added to the Lync Edge server's Trusted Root 
Certificates. 

C Note: 

The default-cacert.pem is the name given to the System Manager CA certificate 
when the system downloads the from the System Manager security management 
page. 
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DNS Administration 

Adding a DNS SRV record for the OCS Gateway 

On the DNS for the Microsoft domain, which is the DNS server that Edge server uses, the 
FQDN of the Presence Services specified in the network address in the IM provider section 
must be resolvable. You must also add a DNS SRV record for the Presence server (OCS 
Gateway). 

You must create the DNS records that meet the following criteria: 

1. When Presence Services contacts Edge server, Presence Services provides a 
certificate that contains the Presence Services FQDN. Ensure that this FQDN is 
resolvable in the DNS of the OCS. 

2. The Edge server performs a DNS lookup on the Presence Services FQDN. The 
Edge server rejects the TLS connection request with Presence Services if the DNS 
server does not return the same FQDN as in the certificate. 

3. The Edge server performs a reverse DNS lookup on the IP address of Presence 
Services. The Edge server rejects TLS connection request with Presence Services 
if the DNS server does not return the same IP address as in the certificate. 

4. The OCS Edge server performs a SRV DNS lookup for the SRV record 
_sipfederationtls ._tcp. <PS domain>. The PS domain is also referred to 
as the Router Service Name. PS domain is the domain part of the SIP URI in a SIP 
request originating from the Presence server. It gets the SIP domain from the name 
of the Presence Services user requesting the subscription. In this case, the SIP 
domain is the Presence ID domain of the Presence server. 

O Note: 

If the firewall on Microsoft Edge server is on, update the firewall so that the 
Presence server can gain access to port 5061 on the Edge server. 

Adding New Host (A) 

Procedure 

1. On the OCS DNS server, right-click the domain that you just created and select 

New Host (A). 

2. In the New Host dialog box, enter the Presence server name and IP address. For 
example, ipsdemo-ipsl. ipsdemo . com. 

3. Click Add Host > Done. 

O Note: 

When you add New Host (A) in DNS, check the associated pointer. This 
associated pointer may eliminate the need to add the machine name to the 
Reverse Lookup Zone if that zone already exists. 
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Adding a new reverse pointer 
Procedure 

1. On the OCS DNS server, in the left navigation pane, select Reverse Lookup 
Zones > New Zone. 

2. To add a new zone, on the Action menu, click New Zone > Next. 

3. Select Primary zone and Store the zone in Active Directory. 

4. Click Next. 

5. Select To all DNS servers in the Active Directory domain .... 

6. Click Next. 

7. Enter the Network id corresponding to the Presence server, and click Next. 

8. Select Allow both non-secure and secure dynamic updates, and click Next. 

9. Click Finish. 

10. Right-click on the new zone you just created and select New Pointer (PTR).... 

11 . In the Host IP number field, enter the Host IP number of the Presence server. 

12. In the Host Name field, enter the Host Name of the Presence server. 

13. Click OK. 


Adding OCS Gateway as an IM service provider for Microsoft OCS 
Procedure 


1. Click Start > All Programs > Administrative Tools > Computer Management. 

The system displays the Computer Management window. 

2. In the left navigation pane, expand Services and Applications and then select 

Microsoft Office Communications 2007. 

3. Right-click Microsoft Office Communications 2007 > Properties. 

4. On the IM Provider tab, click Add. 

Enter details in the following fields: 

• IM service provider name: This name must match the Presence ID domain 
name used by the Presence server. For example, ipsdemo.com 

• Network address of the IM service provider Access Edge: This address 
must match the hostname of the Presence server. For example, ipsdemo- 

ipsl.ipsdemo.com. 


• This is a public IM service provider: Do not clear this field. 

• Allow all communications from this provider: Select this option for filtering 
incoming communication. 
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5. Click OK. 


Adding OCS Gateway as an IM service provider for Lync 
Procedure 

1. On the Lync Front End Server, click Start > All Programs > Microsoft Lync Server 
2010 > Micrsoft Lync Server Control Panel. 

0 Note: 

Log in as a user from Active Directory, who is a member of the CSAdministrator 
group. (The user account cannot be the local administrator of the server running 
Lync Server 2010, Standard Edition) You may need to add a user to the 
CSAdministrator group, and if that user is currently logged on, log them off and 
on again to register the group membership update. 

2. Linder External User Access, click Provider. 

3. Click New > Public Provider. 

4. Ensure that you select the Enable communications with this provider check 
box. 

5. Specify the JID domain name that the Presence server uses for Provider and the 
Presence server FQDN for the Access Edge (FQDN). 

6. Click External User Access and then click the External Access Policy tab. 

7. Select the global policy and click Edit. 

The system displays the Edit External Access Policy screen. 

8. Ensure that you select the following: 

• Enable communications with federated users 

• Enable communications with remote users 

• Enable communications with public users 

9. To save the changes, click Commit. 

10. Click the Access Edge Configuration tab and then click Edit. 

The system displays the Edit Access Edge Configuration screen. 

11. Ensure that you select the following: 

• Enable federation 

• Enable partner domain discovery 

• Enable remote user access 

• Enable anonymous user access to conferences 

12. To save the changes, click Commit. 
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Enabling an OCS user for remote access and federation 
Procedure 

1. Click Start > All Programs > Administrative Tools > Microsoft Office 
Communications Server 2007 R2. 

2. Right-click Forest and select Properties > Global Properties. 

The system displays the Office Communications Server Global Properties 

dialog box. 

3. On the Federation tab, select Enable Federation and Public IM connectivity. 

4. In the FQDN field, enter the external FQDN of the OCS Edge server. 

5. In the Port field, enter 5061 . 

6. Click Start > All Programs > Administrative Tools > Active Directory Users and 
Computer. 

7. In the left navigation pane, click Users. 

8. Double-click an enterprise user. 

The system displays the Properties dialog box of the selected user. 

9. In the Properties dialog box of the user, click the Communications tab, and then 
click Configure... next to Other settings. 

10. In the Other Options dialog box: 

a. Select Enable federation 

b. Select Enable remote user access 

c. Select Enable public IM connectivity 

d. Click OK 

e. Click OK 

11. Repeat the steps for all other OCS users. 


Enabling a Lync user for remote access and federation 
Procedure 

1. On the Lync Front End Server, click Start > All Programs > Microsoft Lync Server 
2010 > Lync Server Control Panel and gain access as a CSAdministrator group 
user. 

2. In the left navigation pane, click Users. 

3. In the Provided Search Filter field, enter all or part of the name of an Active 
Directory user that you want to enable for Lync. 

4. In the search results displayed, select a user you want to enable and click Edit. 
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5. Ensure that you select Enable for Lync Server check box, and in the SIP 
address field, enter the login handle for the user, selecting the enterprise SIP 
domain from the drop-down. 

6. Ensure that system defaults the Registrar pool field to the Lync Front End pool. 

7. For Telephony, select PC-to-PC only. 

8. For External Access Policy, select from the following choices: 

• Global: Ensure this policy is correctly set to allow federation as described in 
an earlier section. 

• Custom policy: Ensure that you enable Federation, Public, and Outside 
Access. 

9. For all other policy fields, select Automatic. 

10. Repeat the steps for all other users you want to enable for Lync remote access and 
federation. 


Restarting the Edge server service after completing changes to DNS 
About this task 

The Edge server hold a cache of DNS information. Restart Edge server if you have entered 
an incorrect DNS entry. You must recreate the entry to prevent Edge server from storing the 
incorrect DNS records. 

Procedure 

1. On the Microsoft Edge Server, click Start > Administrative Tools > Services. 

2. Locate the Office Communications Server Access Edge service. 

3. Right-click Office Communications Server Access Edge service and select Start 
> Start all stopped Services. 


Presence Services Trust Management for OCS integration 

Downloading the CA that signed the certificate for the External Interface of 
the Edge server 

About this task 

You must add the CA, which signed the certificate that the External Interface of the Edge server 
uses, to the Presence Services list of trusted CAs. Download the CA from a standalone 
Microsoft Enterprise Certificate Authority and convert the CA to a format that you can use on 
Presence Services. 

Procedure 

1. From a Microsoft server, enter http : / /<CA_Machine>/certsrv/ in the 
address bar. 

The system displays the Web enrollment page of the Certificate Authority. 
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2. On the Web enrollment page, click Download a CA certificate, certificate chain, 
or CRL > Download CA certificate chain > Save. 

3. In Windows Explorer, double-click the filename. p7b file. 

The system displays a Certificates window. 

4. In the left pane of the Certificates window, click the file name. 

5. Click the Certificates folder. 

The system displays a list of certificates. 

6. Select a certificate to convert to the PEM format. 

7. Right-click the certificate, then select All Tasks > Export to display the Certificate 
Export wizard. 

8. On the Certificate Export wizard, click Next. 

9. Select the Base-64 encoded X.509 (.CER) option. 

10. Click Next. 

Base-64 encoded is the PEM format. 

11. In the File name field, enter a name for the converted digital certificate. 

12. Click Next. 

13. Copy the Microsoft root CA to any location on Presence Services. For 
example, /opt/Avaya/Presence/jabber/xcp/certs Or $ JABBER_HOME/certs. 

14. Run dos2unix <msroot>.cer. 

15. Run $PRES_HOME/presence/bin/prescert addTrusted pem<msroot>.cer alias 
<optional name>. 


Adding Federation Domain to the Presence Services Global Router 
Configuration 

About this task 

When the Presence server receives presence subscriptions from the OCS domain, the 
subscriptions are subject to authorization rules, and the Presence server applies the ACL 
controls to the subscription. As the subscribing user is effectively an external user that is 
external to Avaya Aura® and external to Presence Services, by default, the system treats the 
authorization as a CONFIRM ACL. To apply this CONFIRM policy, Presence server must 
recognize the OCS domain. Therefore, you must add the OCS domain to the Federation 
Domain list in the Presence Services global router configuration. 

Procedure 

1. Log in to the XCP Controller Web interface. 

2. On the home page, scroll to the Core Router and click the Edit link. The system 
displays the Global Settings Configuration page. 
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3. In the Federation Domains section, select the Federation Domain(s) check box, if 
not already selected, and add the OCS domain to the Federation Domain. 


Stopping the Presence server 

Avaya recommends that you use a script instead of the Presence Services Web GUI to stop 
the entire Presence Services system. 

Before you begin 

Before you stop Presence Services, you must have an instance of Presence Services running 
on your server. 

About this task 

The purpose of this task is to terminate the activity of Presence Services. 

Procedure 

To stop Presence Services, run /opt/Avaya/Presence/presence/bin/ 
s top.sh 

O Note: 

You can use this script to stop jadderd. 


Starting the Presence server 

Avaya recommends that you use a script instead of the Presence Services Web GUI to start 
the entire Presence Services system. 

Before you begin 

Before you start Presence Services, you must have an instance of Presence Services on your 
server that is not currently running. 

About this task 

The purpose of this task is to start or restart the activity of Presence Services. 

Procedure 

To start Presence Services, run /opt/Avaya/Presence/presence/bin/ 
start.sh 

O Note: 

You can use this script to start jadderd. 
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Verifying the trust configuration 
Procedure 

1. Log in to the OCS Edge server. 

2. On the prompt, type nslookup <fqdn of Presence Services>. The system 
returns the IP address of the Presence server. 

3. Type, nslookup <IP Address of Presence Services>. 

The system returns the FQDN of the Presence Services machine and port 5061. 

4. Log in to the Presence server and use the presstatus tool, which is located in 

the /opt/Avaya/Presence/presence/bin directory, to see the status of the 
Microsoft Office Communications Server Integration component. 

5. Use the /opt/Avaya/Presence/presence/bin/prescert list command 
and ensure that the OCS CA certificate is in the trust store. 

6. On the Presence server, enable the logging for RTC Collector in /opt/Avaya/ 
Presence/presence/lib/path/log4 j .xml and look into the output log file 

at /var/log/presence/presence-container-1.presence local.log. 

For more information on disabling the logging for RTC Collector, see the 
Troubleshooting Avaya Aura® Presence Services guide. 


Adding Microsoft OCS/Lync SIP user handles or RTC handles to System 
Manager 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management > Manage Users. 

3. On the User Management page, select the relevant user and click Edit. 

4. On the User Profile Edit page, click the Communication Profile tab. 

5. On the Communication Profile page, click New in the Communication Address 
section. 

6. From the Type drop-down list box, select Microsoft OCS SIP. 

7. In the Fully Qualified Address: field, enter the handle and domain details. 

For example, in the Handle field, enter sip: handle and in the Domain field, enter 

ocsdomain.com. 

8. Click Add. 


Changing the Cipher Suite Order 

An issue was identified in Windows Server 2008 while establishing a communication between 
the Lync Edge and an external provider through Public Internet Cloud (PIC). The initial SSL 
dialog established between the Presence server and Lync Edge needs to use a different cipher 
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suite in place of the default cipher suite in Windows Server 2008. This requires modifying the 
Cipher Suite Ordering on the Windows Server on which you deploy the Lync Edge. You must 

use the tls_rsa_with_rc4_128_md5 cipher suite. 

Procedure 

1. On the Windows Server 2008 (x64) Edge server, click Start > Run > gpedit.msc 
> OK. 

2. In the Group Policy Object Editor, click Computer Configuration > Administrative 
Templates > Network. 

3. Under Network, click SSL Configuration, and then double-click SSL Cipher Suite 
Order (by default, the SSL Cipher Suite Order is set to Not Configured) 

4. Select the Enable radio button. 

5. From the SSL Cipher Suites text box, copy the entire text from the SSL Cipher Suites 
text box to a Notepad. It should look like the following: 

TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA 

,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TL 

S_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_ 

WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CB 

C_SHA_P521 ,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_E 

CDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WIT 

H_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 

_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RS 

A_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC 

_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDH 

E_RSA_WITH_AES_256_CBC_SHA_P521 ,TLS_DHE_DSS_WITH_AES_128_C 

BC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_ 

3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,SSL_CK_RC4_128_ 

WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NU 

LL_MD5,TLS_RSA_WITH_NULL_SHA 

You must move the tls_rsa_with_rc4_12 8_md5 value to the beginning of the 
list. 

6. In your Notepad, where you have copied the text from the SSL Cipher Suites text 
box, search for the tls_rsa_with_rc4_12 8_md5 value and move it to the beginning 
of the list. It should look like the following: 

TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ 

RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_ 

WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_S 

HA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDH 

E_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AE 

S_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P 

384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 ,TLS_ECDHE_RS 

A_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC 

_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDH 

E_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256 
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_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_ 

DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC 

_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WIT 

H_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_ 

MD5,TLS_RSA_WITH_NULL_SHA 

7. Copy the recently formatted list back into the SSL Cipher Suites text field, click 

OK. 

8. For the changes to take effect, restart the Windows Server 2008 (x64) Edge 
server. 


Troubleshooting 

Enabling logging for RTC Collector 
Procedure 

1. Log in to the Presence server. 

2. Make changes to the /opt/Avaya/Presence/presence/lib/path/ 
log4 j . xml file. 

3. To enable the RTC Collector logs, enable the relevant section and change the level 
as required in log4j.xml. 

dogger 

name="events.operational.com.avaya.presence.server. RTCCollector"> 
devel 

value="FINEST#com.avaya.common.logging.client.LogLevel"/> 

</logger> 


Enabling logging for OCS Gateway 
Procedure 

1. Log in to the Presence server. 

2. Once logged in, type the following command to log in as the root user: su root 

3. Check the current log level, type /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel.sh cm-2 -c. 

O Note: 

OCS Gateway logging is typically set at the WARN level. To diagnose any issue, 
you must increase the logging level to DEBUG. 
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4. To increase the logging level, type the following command until you reach the 
DEBUG level, /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel.sh cm-2 -i. 

5. Check the filtering level of the rsyslog logger in the /etc/rsyslog.conf file. 

6. Restart the logging service, type Service rsyslog retstart to restart service 
logging. 

O Note: 

Service rsyslog sends the OCS Gateway logging to the /var/log/messages file. 
You can recognize the OCS Gateway records by the logging tag OCS_GW in 
each of the associated log output entries from the OCS Gateway. The system 
sends the debug level logging messages from the OCS Gateway to /var/log/ 
messages and extracts these messages to assist in diagnosing any problems 
that you might encounter. 


Changing the default logging level 
Procedure 

1. Log in to the Presence server. 

2. Make changes to the /opt/Avaya/Presence/presence/lib/path/ 
log4 j . xml file. 

3. Enable the relevant section and change the level as required. 

<logger name="events.operational"> 

<level 

value="WARN#com.avaya.common.logging.client.LogLevel"/ 

> 

</logger> 
to, for example, 

<logger name="events.operational"> 

<level 

value="INFO#com.avaya.common.logging.client.LogLevel"/ 

> 

</logger> 


O Note: 

The system generates more log records if you set a level lower. Do not set a low 
level for a long period of time. If you do, you will have to navigate through unwieldy 
log files. Set a lower log level for individual components as opposed to changing 
the default for the whole Presence server. 

If the log level of a component is increased to the DEBUG level then you must 
change it back to the ERROR level as soon as the required debug logs are 
collected for debugging. 
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OCS server side logging 

Starting SIP logging on OCS Edge 
Procedure 

1. Click Start > Control Panel > Administrative Tools. 

2. Double-click Computer Management. The system displays the Computer 
Management page. 

3. Click Services and Applications and then select Microsoft Office 
Communications Server. 

4. Right-click Microsoft Office Communications Server and select Logging Tool > 
New Debug. The system displays the Microsoft Office Communications Server 
2007 Logging Tool page. 

5. From the Components list, select SIPStack. 

6. Click Start Logging. 


Starting SIP logging on OCS Server 
Procedure 

1. Click Start > Control Panel > Administrative Tools. 

2. Double-click Microsoft Office Communications Server 2007. The system 
displays the Microsoft Office Communications Server 2007 page. 

3. Click Enterprise pools. 

4. Right-click Pools > New Debug Session. 

5. From the Components list, select SIPStack. 

6. Click Start Logging. 


Enabling logging on the OCS server 
Procedure 

1. On the Microsoft Office Communications Server 2007 Logging Tool page, click Stop 
Logging. 

2. Click Analyze Log Files or View Log Files. 

C Note: 

• When you click View Log Files, the system displays the trace in the text 
mode. 

• When you click Analyze Log Files, the system displays the trace in the GUI 
mode. 
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3. In the Snooper GUI, check all the SIP trace messages. 


Lync server side logging 

Starting SIP trace on Lync Edge 
Procedure 

1 . Click Start > Microsoft Lync Server 2010 > Lync Server Logging Tool. 

The system displays the logging properties page, where you can select components 
and flags for the logging sessions. 

2. From the Components list, select SIPStack. 

3. Click Start Logging. 


Starting SIP trace on Lync server 
Procedure 

1 . Click Start > Microsoft Lync Server 2010 > Lync Server Logging Tool. 

The system displays the logging properties page, where you can select components 
and flags for the logging sessions. 

2. From the Components list, select SIPStack. 

3. Click Start Logging. 


Checking the SIP trace 
Procedure 

1. On the Microsoft Office Communications Server 2007 Logging Tool page, click Stop 
Logging. 

2. Click Analyze Log Files or View Log Files. 

C Note: 

• When you click View Log Files, the system displays the trace in the text 
mode. 

• When you click Analyze Log Files, the system displays the trace in the GUI 
mode. 

3. In the Snooper GUI, check all the SIP trace messages. 
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Microsoft Exchange Collector integration 


Overview 

Exchange Collector is a Presence Server component which provides integration with an 
Microsoft (MS) Exchange Enterprise deployment. Exchange Collector collects and publishes 
the Calendar and Out of Office Assistant information for Exchange Mailboxes. The Exchange 
Mailbox servers manage Exchange Mailboxes. 

The Exchange server provides an availability service, which makes the free or busy information 
of the users available to the external clients. Exchange Collector functions as one of these 
clients. Exchange Collector uses the polling mechanism to collect the Calendar and Out of 
Office Assistant records from the Exchange server by using MS Exchange Web Service (EWS) 
and converts the Calendar and Out of Office Assistant records into the presence information 
in the PS PIDF format. Using the publishing services of the IPS framework, Presence Services 
publishes the presence information as a presence fragment. 

Presence Services 6.2 supports the following versions of MS Exchange Server: 

•2007 

•2010 

• 2010 Service Packs 

O Note: 

One Presence server supports only one Exchange Collector. 

Related topics: 

Checklist for integrating Exchange Collector with Presence Services on page 113 

Checklist for integrating Exchange Collector with Presence Services 


# 

Task 

Server 

Notes 

✓ 

1 

DNS Requirement: Ensure 
all Client Access Servers 
(CAS) in the Exchange 
deployments are resolvable 
by the Presence server. 

Presence server 



2 

Autodiscover Service: 

Ensure that the Presence 
server can resolve 
autodiscover .<yourExchang 
eDomain> to one of the 

Presence server 
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# 

Task 

Server 

Notes 

✓ 


CASs configured for 
autodiscovery. 




3 

Add the Microsoft Exchange 
user handles to System 
Manager. 

Presence server 



4 

Create a new Active 
Directory user to be used as 
the Presence Services 
account. 

MS Exchange server 



5 

Set Full Access Permissions 
for Exchange Mailboxes. 

MS Exchange server 



6 

Configure Exchange 
Services for the 
autodiscover service on 
each CAS. 

MS Exchange server 




Install and configure Exchange Collector 

Exchange Collector XCP configuration 

You can configure the Exchange Collector component during the installation or post installation 
of the Presence Services server. By default, Presence Services does not include the Exchange 
Collector component during the installation. 

You can install Exchange Collector during: 

• The Presence Services installation or post Presence Services installation 

• The Silent installation 

• The Software-only installation 

Parameters for configuring MS Exchange Collector on the Presence Services server 


Configuration 

view 

Field 

Description 

Default value 

Required 

Basic 

Exchange 
Server Web 
Service URI 

Specifies the MS 
Exchange Server Web 
services URI for one of 
the Exchange CASs in 
your organization. For 
optimum performance, 
set this server as 
Exchange Server which 

ChangeThis 

Yes 
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Configuration 

view 

Field 

Description 

Default value 

Required 



is CAS for most of the 
mailboxes of your 
organization. 



Advanced 

Calendar 
Refresh 
Interval, in 
mins 

Specifies how often the 
system refreshes the 
Calendar information for 
users. This is the rate at 
which the collector will 
poll the exchange server 
for users’ availability and 
send the latest exchange 
presence tuple 
information internally to 
the XCP core. 

15 

Yes 

Advanced 

Calendar 
Request 
Rate Per 
Minute 

Specifies how many 
Calendar Information 
requests are forwarded 
to the Exchange server 
per minute. 

10 

Yes 

Advanced 

Out of 

Office 
Assistant 
Refresh 
Interval, in 
mins 

Specifies how often the 
system must refresh the 
Out of Office Assistant 
information for users. 

30 

Yes 

Advanced 

Out of 

Office 
Assistant 
Request 
Rate Per 
Minute 

Specifies how many Out 
of the Office Assistant 
requests must be 
forwarded to the 
Exchange Server per 
minute. 

O Note: 

The system makes the 
web service call for the 
Out of the Office 
Assistant information 
on a per user basis, 
unlike Calendar 
Information that the 
system calls for a 
batch of users. 

360 

Yes 

Advanced 

Publishing 
Interval, in 
mins 

Specifies how often the 
system refreshes the 
published Calendar/Out 

5 

Yes 
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Configuration 

view 

Field 

Description 

Default value 

Required 



of the Office Assistant 
Information for users. 

0 Note: 

Only those users 
whose Calendar/Out 
of the Office Assistant 
Information has 
changed will be re¬ 
published each 
period. 



Basic 

Exchange 
User Name 

Specifies the exchange 
user to authenticate with, 
when polling for 
Calendar/Out of the 

Office information from 
the Exchange Servers. 

0 Note: 

This should be the 
user login ID for a user 
with the required 
permissions to read 
mailbox information 
for the requested 
users. 

ChangeThis 

Yes 

Basic 

Exchange 

User 

Password 

Specifies the password 
of the exchange user to 
authenticate with, when 
polling for Calendar/Out 
of the Office information 
from the Exchange 
Servers. 


Yes 

Basic 

Confirm 

Password 

Confirm password 
entered previously. 


Yes 


Parameters for the Exchange Collector Component configuration during the silent 
installation 

You can add Exchange Collector Component during the Presence Services silent installation 
by specifying the Exchange configuration parameters in the autolnstall_PS.properties file. The 
following configuration parameters, except for inclEXC, have a one-to-one mapping with the 
XCP configuration parameters. 
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Field 

Description 

inclEXC 

• To install Exchange Collector, set to true. 

• To prevent the installation of Exchange Collector, 
set to false. 

EXCURI 

This corresponds to the XCP parameter: Exchange 
Server Web Service URL 

EXC CALENDAR REFRESH RAT 

E 

This corresponds to the XCP parameter: Calendar 
Refresh Interval (mins). 

EXC CALENDAR REOUEST RAT 

E 

This corresponds to the XCP parameter: Calendar 
Request Rate Per Minute. 

EXCOOTOREFRESHRATE 

This corresponds to the XCP parameter: Out of 
Office Assistant Refresh Interval. 

EXCOOTOREOUESTRATE 

This corresponds to the the XCP parameter: Out of 
Office Assistant Request Rate Per Minute. 

EXCPUBLISHINGPERIOD 

This corresponds to the XCP parameter: Publishing 
Interval (mins). 

EXCJJSERNAME 

This corresponds to the XCP parameter: Exchange 
User Name. 

EXCUSERPASS 

This corresponds to the XCP parameter: Exchange 
User Password. 


When you configure Exchange Collector Component during the installation, Exchange 
Collector Component starts automatically after you start the Presence Services server. There 
is a 2 minute delay during the Presence Services server start up process and before Exchange 
Collector attempts to connect to the configured Exchange server. This delay is to allow for the 
System Manager replication to complete. After the 2 minute delay, Exchange Collector 
publishes the initial calendar status, Available, for all the exchange handles. Subsequent status 
publishing occurs at each publishing period, and the system publishes only those mailboxes 
whose status information changes again. 

Installing Exchange Collector Component during the Software-only installation 
Procedure 

1 . On the Presence Components screen, select the Exchange Collector 
Component option and click Next. 
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2. On the Exchange Component Configuration screen, enter the following details: 


Field 

Value 

Exchange Server Web Service URI 

ChangeThis 

Calender Refresh Interval (mins) 

15 

Calender Request Rate Per Minute 

10 

Out Of Office Assistance Refresh 
Interval (mins) 

30 

Out Of Office Assistance Request 
Rate Per Minute 

360 

Publishing Interval (mins) 

5 
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Field 

Value 

Exchange User Name 

ChangeThis 

Exchange User Password 

Enter the Exchange user password 

Retype Password 

Enter the password again. 



3. To continue with the installation, click Next. 

For information on the remaining installation steps, see Implementing Avaya Aura® 
Presence Services. 


Installing Exchange Collector Component after the Presence Services installation 
About this task 

You can enable Exchange Collector Component after the Presence Services installation using 
the XCP Controller Web console. 
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Procedure 

1. Log in to the Presence Services XCP Controller Web console. 

2. In the Add a new drop-down list, select Exchange Collector and then click Go. 



Status 


Running 

Running 

Running 

Running 

Running 

Running 

Running 

Running 

Running 

Running 

Running 


Message Archiver 
OpenPort 

Router-to-Router Connection 
Single Domain Name Support 
SIP Bulk Subscription Server 
SIP Presence Server 
Authorization Manager 
SIP Proxy 
IdMapper 
Presence Model 
Stanza Optimizer 
IM Transcripts 

Resource List Management Service 

AES Collector 

RTC Collector 

SES Collector 

XMPP Collector 

IBM Sametime Component 

Presence Container 


authzmanager-l. presence 


stanza-optimizer-1, presence 


SIP Presence Server 


SIP Proxy 


SIP Bulk Subscription 


Connection Manager 


Presence Server 


Presence Transformer 


Resource List Manager 


Generic Open Port 


IdMapper Component 


Authz Component 


Stanza Optimizer Com 




The system displays the Exchange Collector Configuration page. By default, the 
system displays the basic configuration view, but you must switch to the advanced 
configuration view. 
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Excliange^Colfector Component 
Exchange Collector Configuration 

Exchange Server Web Service URI 

Calendar Refresh Interval (mins) 

Calendar Request Rate Per Minute 

Out Of Office Assistant Refresh Interval (mins) 

Out Of Office Assistant Request Rate Per 
Minute 

Publishing Interval (mins) 

Exchange User Name 
Exchange User Password 
Confirm Password 


ChangeThis 


15 


10 

30 

360 

5 


ChangeThis 






Submit 


Reset 


Cancel 


Fields marked with a * require values. 
Help 



3. To save the changes, click Submit. 

Click Home to go back to the Presence Services XCP Controller Home page and 
check if the system displays the new entry in the Components section. For example, 
exchange-collector-1 .presence. 

4. After the Exchange Collector configuration finishes, restart the Presence Services 
server. 

There is a 2 minute delay after startup, before Exchange Collector attempts to 
connect to the configured Exchange server. This delay is to allow for System 
Manager replication to complete. 

After the 2 minute delay, the system publishes an initial Calendar status Available 
for all exchange handles. Subsequent status publishing occurs at each publishing 
period, and only those mailboxes whose status information has changed gets a new 
publish fragment. 


DNS requirements for the Exchange Collector support on the Presence server 

For Exchange Collector to communicate with the Exchange CAS servers, Exchange Collector 
must resolve the URI of Exchange Web Services configured on each of the URI. For example, 
if the Exchange Web Service internal and external URLs for one of the Exchange CASs is 
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https://CAS1-FQDN.<MyExchangeDomain.com>/EWS/Exchange.asmx. Then the Presence 
server must be able to resolve the CAS1-FQDN.<MyExchangeDomain.com domain. 

If the URIs on internal and external Exchange Web Service on an Exchange CAS are different, 
then the Presence server must resolve both URIs. 

In an organization, all the Exchange CAS servers, the Presence server must resolve mailboxes 
monitored by Exchange Collector Component. 

The Exchange Collector configuration for the Exchange Autodiscovery service 

Exchange Collector uses the Exchange Autodiscovery service to retrieve all Exchange CAS 
that hosts the mailboxes monitored for presence. 

For the Autodiscovery service to work: 

• The Presence server must be able to resolve ‘autodiscover.<ExchangeDomain.com>’. 
For example, autodiscover.MyOrganizationName.com to an Exchange CAS, which 
supports autodiscovery. For more information on how to configure the autodiscover 
service on Exchange, see Microsoft documentation. 

• The Presence server must be able to resolve all Exchange CAS that hosts the mailboxes 
monitored for presence. 

The Exchange deployment of an organization might consist of several CASs. Exchange 
Collector creates a list of CASs, using autodiscovery, and route the web service requests to 
the relevant CAS for each mailbox. Exchange Collector starts and communicates with the 
configured Exchange Server URI. Based on the assumption that a percentage of the mailboxes 
is hosted on the Exchange server, Exchange server routes the first request for each mailbox. 
If the Exchange server is unsuccessful in retrieving mailbox information, the system uses the 
Exchange server to call the autodiscovery service for retrieving the correct Exchange server 
URI for that mailbox, and stores the correct URI for future requests. 

Manually adding the Exchange user handles on System Manager 
Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management > Manage Users. 

3. On the User Management page, select the relevant user and click Edit. 

The system displays the User Profile Edit page. 

4. Click the Communication Profile tab. 

5. In the Communication Address section, click New. 

6. In the Type drop-down box, select Microsoft Exchange. 

7. In the Fully Qualified Address: field, enter the handle and domain details. For 
example, in the Handle field, enter <mailbox_user_name> and in the Domain 
field, enter <mailbox my domainX 

8. Click Add. 
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O Note: 

Repeat the procedure for each user who wants the exchange presence 
information. 


Verifying the Exchange Collector configuration 

Verifying the Exchange Server connection status 
Before you begin 

Ensure that: 

• The Presence server can resolve each Exchange CAS in the organization and resolve 
the autodiscover service endpoint. 

• You have the Presstatus tool. Use the presstatus tool on the Presence Services server 
to verify the connection status to each Exchange CAS. 

Procedure 

Log in to the Presence server and run the »$PRES_HOME/bin/presstatus 
command. 

Component: Microsoft Exchange Server (Disconnected) 

Component: https://135.64.28.130/EWS/Exchange.asmx 
(Disconnected) 

When the Exchange Collector starts, during the first 2 minutes, the Exchange Collector 
is in a Disconnected state, and the system displays the one configured Exchange Client 
Access Server as its only sub-component, also in a Disconnected state. 

Once the Exchange Collector makes its first web service call to the configured 
Exchange Client Access Server, if the connection is successful, the status for this 
Exchange Server should change to “Connected”. In addition, if the web service call 
results in a failure to read mailbox information for a handle, the system calls the 
autodiscovery service to determine the correct Exchange CAS for the handle. If the 
autodiscovery service is successful, the system adds another sub-component to the 
list, although its connection will not yet have been tried, so the system displays a 
“Disconnected” state until the next refresh period. 

Component: Microsoft Exchange Server (Partially Connected) 

Component: https://135.64.28.130/EWS/Exchange.asmx (Connected) 

Component: https://ex2010-agnew.agnew.com/EWS/Exchange.asmx 
(Disconnected) 
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During the next refresh period, the second sub-component connection will now be 
tested, and if it is successful in returning mailbox information for its handles, the status 
should now be Connected: 

Component: Microsoft Exchange Server (Connected) 

Component: https://135.64.28.130/EWS/Exchange.asmx (Connected) 

Component: https://ex2010-agnew.agnew.com/EWS/Exchange.asmx 
(Connected) 


Guidelines for Exchange Collector performance tuning 

The default configuration values are based on supporting a deployment of Presence Services 
server at the full capacity of users. Do not increase the request rates or decrease the refresh 
schedules for retrieving Calendar Information or Out of the Office Assistant because changing 
the values might result in a degradation of the Exchange Collector performance. If support for 
full capacity users is not required, these rates may be improved accordingly. The 
recommended defaults were devised through stress tests on the Exchange Server to 
determine how many requests could be handled per minute. The Request and Refresh Rates 
are configurable in the Advanced XCP Configuration view. 

The Publishing Period default of 5 minutes is specified to control the rate of publishing requests 
to the core publishing framework which handles publishing requests for all the collectors. If this 
period is reduced, to allow for a more frequent refresh of presence status, it may impact on the 
core publishing framework, if it becomes overloaded with requests. 


Field 

Default value 

Calendar Refresh Interval ( mins) 

15 

Calendar Request Rate Per 
Minutes) 

10 

Out of Office Assistant Refresh 
Interval (mins) 

30 

Out of Office Assistant Request 
Rate Per Minute 

360 

Publishing Interval (mins) 

5 


Configure Exchange Server for Presence Services integration 

Exchange Server configuration for Presence Services integration 

to integrate the Exchange deployment of an organization with Presence Services, perform the 
following steps on each CAS in the deployment: 
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• Apply full access permissions for the XCP configured Exchange User on Exchange 
Mailboxes. 

• Allow for Exchange Collector retrieval of Calendar Event Subject Information. 

• Configure Exchange Services for the Autodiscover service. 

Related topics: 

Applying full access permissions for the XCP configured Exchange Users on Exchange 

Mailboxes on page 125 

Allowing for Exchange Collector retrieval of Calendar Event Subject information on page 

125 

Exchange Services configuration for the Autodiscover service on page 126 

Applying full access permissions for the XCP configured Exchange Users on 
Exchange Mailboxes 

About this task 

Using the configured Exchange user account, the Exchange Collector Component polls the 
Exchange servers for the mailbox information. To read the Out of Office Assistant information 
from mailboxes, the user account must have Full Access Permission on the mailboxes. 

Using the Exchange Management Shell, you can set full access permissions. 

Procedure 

On Exchange Management Shell, type Get-MailboxDatabase -identity 
[MailBox Database Name] | Add-ADpermission -user [Exchange 
Collector Username] —AccessRights GenericAll. 

Where, 

• [MailBox Database Name] is the name of the Exchange Server Mailbox Database 
Name. 

• [Exchange Collector Username] is the Exchange Collector username that you 
configure in XCP Controller. 

Run this command only once. When you add new users, the Exchange Collector user 
will have full access permission to the new users' mailboxes. 

For more information on setting Full Access Permissions, see MS Exchange 
documentation. 


Allowing for Exchange Collector retrieval of Calendar Event Subject 
information 

About this task 

When the Exchange Collector retrieves calendar events for a mailbox from the Exchange 
server, the event includes the Subject content for each event, only if that particular mailbox 
has applied a permission setting in their Calendar Folder options. 
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To receive calender events information, all the users must set these permissions. 

Procedure 

1. Open your Outlook client. 

2. Click Calender View > File > Folder > Calender Permissions > Permission 
Level. 

3. Set the default permission to, Free/Busy, Subject, and Location. 

The Calender Event Subject permissions are applied at the individual mailbox level. 
When you set a permission, the Exchange Collector only collects the content of the 
Subject for an event and displays the event as a <note> in the published Exchange 
tuple. If the permission is not set, the <note> element in the Exchange tuple contains 
only the type of the Calendar Event. For example, Tentative, Out-Of-Offce, or 
Busy. 

For more information on setting Calendar Folder permissions, see the MS 
Exchange documentation. 


Exchange Services configuration for the Autodiscover service 

Exchange Collector Component uses the Exchange Autodiscover service to retrieve Calendar 
information for the mailboxes. Configure Exchange Services for the Autodiscover service on 
the CASs in the domain. This involves setting the internal and external URIs for the Exchange 
Web Services virtual directory on each CAS. 

Typically, the system sets the internal URI by default and you need to set the external URI 
manually. 

For example, to manually set the external URI using the Exchange Management Shell, do the 
following: 


Set-WebServicesVirtualDirectory -identity "CAS01\EWS (Default Web Site)" - 
externalurl https://mail.contoso.com/EWS/Exchange.asmx -BasicAuthentication:$True» 

Alternatively: 

» Set-WebServicesVirtualDirectory -server <CAS Server hostname> -externalurl 
https : //mail ■ contoso . com/EWS/Exchange . asmx 


O Note: 

The Presence server must resolve the internal and external URIs specified for each CAS. 
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Troubleshooting Exchange Collector 

Changing the default logging level 
About this task 

Procedure 

1. Log in to the Presence server. 

2. Edit the file, $ PRES H0ME/presence/lib/path/log4 j . xml 

3. Uncomment and change the level in: 

<logger name=”events.operational’^ 

<level value=”WARN#com.avaya.common.logging.client. LogLevel”/> 

</logger> 

C Note: 

The lower the level you set, the more log records are generated. You may not 
want to set a lower level for a long period of time to avoid having to navigate 
through unwieldy log files. 


Enabling logging for Exchange Collector 
Procedure 

1. Log in to the Presence server. 

2. Edit the file, $PRES_HOME/presence/lib/path/log4j.xml 

3. To enable the Exchange Collector logs, add the following line in the log4j.xml: 
<logger 

name=”events. operational, com. avaya. presence, server. ExchangeCollector”> 
<level value=”FINEST#com.avaya.common.logging.client.LogLevel7> 

</logger> 

You can reduce the logging output by specifying a higher level such as FINER, 
FINE, or INFO instead of FINEST. 

In addition, you can also enable the debug level for Exchange Collector. 

4. Add the following entry to the file to enable debug logging for Exchange Collector 
Component: 

<logger name=”com.avaya.apas.exchange”> 

<level value=”FINEST#com.avaya.common.logging.client.LogLevery> 

</logger> 
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Again, you can reduce the logging output, by specifying a higher level such as 
FINER, FINE, or INFO instead of FINEST. 


Example 

Examples of logs and their meaning: 

Example 1 

<FATAL> 2012-03-26 13:07:27,658 [Timer-156] 

events.operational.com.avaya.presence.server.ExchangeCollector: OOTO refresh to 

short or request rate to high or server unreachable for collection 

< FATAL> 2012-03-26 13:07:27,658 [Timer-156] 

events.operational.com.avaya.presence.server.ExchangeCollector: Calendar refresh 

to short or request rate to high or server unreachable for collection 

Either or both of these log entries can indicate one of the following: 

• The rate at which Calendar or Out of the Office(OOTO) reguests are sent to the Exchange 
Server might be too high for the number of mailboxes. 

• The freguency at which Calendar or OOTO reguests are being sent to the Exchange 
Server might be too high for the number of mailboxes. 

• Problems with one of the Exchange Servers that is polled. For example, if one of the 
servers is temporarily powered down, reguests sent to this server time out resulting in 
performance degradation. If server does not process the reguests guickly, a backlog is 
created. 

Example 2 

<ERROR> 2012-03-26 13:31:10,644 [pool-4-thread-l] 

events.operational.com.avaya.presence.server.ExchangeCollector: 

EXCHANGE Exception thrown on Exchange Calendar Web Service call: The request 
failed, connect timed out; Cause: connect timed out 

This indicates that the server throws a time out message while attempting to read calendar 
information for mailboxes. A timeout can occur if there is an error with the Exchange Server 
URI specified. The configured Exchange Server URI may be incorrect, the DNS may need to 
be updated if an Exchange Server URI has changed, or the Exchange Server might be 
temporarily disconnected. 

Example 3 

<FINEST> 2012-03-26 14:07:07,943 [pool-5-thread-l] 

events.operational.com.avaya.presence.server.ExchangeCollector: 

EXCHANGE Exception thrown on Exchange Auto Discovery call: The Autodiscover 
service couldn't be located. 

This log entry indicates that there is a problem with the autodiscovery service. Either the 
Presence server is unable to resolve autodiscover.<your_Exchange_domain> or the 
configured Exchange Server is not correctly set up for the autodiscovery service on the web 
services. 

Example 4 

<FINE > 2012-03-26 14:05:31,998 [pool-4-thread-l] 

com.avaya.apas.exchange.collector.calendar.CalendarCollectionTask: 

WARNING : Exchange Web Service UserAvailability response Errors: 
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attendeeAvailability.getErrorCode()=ErrorMailRecipientNotFound for handle: 
<nonexistingexchangehandle@domain.com> 

This log entry indicates that a mailbox was not found and that a provisioned mailbox, which is 
no longer a valid mailbox in the exchange deployment, is found. 

Example 5 

<ERROR> 2012-03-26 14:20:12,377 [pool-4-thread-l] 

events.operational.com.avaya.presence.server.ExchangeCollector: 

EXCHANGE Exception thrown on Exchange Calendar Web Service call: The remote server 
returned an error: (401)Unauthorized 

This exception is thrown when the configured Exchange user credentials are invalid. Verify 
that the XCP configured credentials for the Exchange user account are correct. 

Example 6 

<FINEST> 2012-03-28 09:39:37,010 [pool-10-thread-l] 

events.operational.com.avaya.presence.server.ExchangeCollector: 

EXCHANGE Exception thrown on Exchange Auto Discovery call: The Autodiscover 
service couldn't be located. 

<FINE>2012-03-28 09:39:37,010 [pool-10-thread-l] 

com.avaya.apas.exchange.collector.ooto.OOTOCollectionTask: 

getUserAvailability for handle: joanne6@james.com seq= 168 took:100208 msec 

This exception means that the attempt to autodiscover the URL for the mailbox was not 
successful because the server could not contact the autodiscover service for that mailbox 
domain. Check that the autodiscover service is correctly set and the Presence server can 
resolve the autodiscover URL to one of the Exchange CASs. For more information, see 
Configure Exchange Services for the Autodiscover Service . 

Example 7 

<ERROR> 2012-03-28 10:00:16,679 [pool-ll-thread-1] 

events.operational.com.avaya.presence.server.ExchangeCollector: 

EXCHANGE Exception thrown on accessing Out of Office for mailbox: 
smtp_pm_9904@agnew.com. Permissions not set.Access is denied. Check credentials and 
try again. 

This exception is thrown when the configured Exchange User does not have the necessary 
permissions to view an exchange mailbox. 


IM Transcript Web service 


IM Transcripts Web Service configuration 

Presence Servicesadds an extra layer of security for the IM Transcript web service. You must 
modify the web.xml file for axis to ensure that SSL is used. 
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The IM Transcript web service also ensures a basic authentication mechanism. The users in 
the following groups are authorized to use the IM Transcript web service: 

• im-transcript-users 

• ips box in the im-transcript-users group 

For example, if you want to allow the craft user to get access to the IM Transcript Web Service, 
use the usermod -a -G im-transcript-users craft command. 

IM Transcripts Web Service configuration reference 

To meet regulatory requirements, Presence Services must be able to retrieve the transcripts 
of IM conversations. The IM Transcripts Web Service is an XCP component that is used to 
read the contents of the database. The server receives messages, and these messages are 
logged in the system database. According to regulatory requirements, Presence Services must 
be able to retrieve the transcripts of IM conversations. The IM Transcripts Web Service XCP 
component can read the contents of the database but cannot modify them. 

Related topics: 

IM Transcripts Web Service Configuration basic parameters on page 130 
IM Transcripts Web Service Configuration intermediate parameters on page 130 
IM Transcripts Web Service Configuration advanced parameters on page 131 

IM Transcripts Web Service Configuration basic parameters 
Description 

The description is displayed in the Components area on the controller’s main page. 

O Note: 

Avaya does not recommend that you have more than one IM Transcripts Web Service 
component at active at once. 

IM Transcripts Web Service Configuration intermediate parameters 
Router outbound connection information 

Enables the Presence Services router to connect to the component. For example, if the 
component is running outside your firewall, using this option, the router can connect to the 
component safely rather than introducing security risks by letting the component connect to it. 
By default, components connect to the router using the routers Master Accept Port. 

Component IP 

The IP address or host name of the system on which the component is installed. 

Port 

The port that the component uses for communications. 

Password 

The password that the router uses to authenticate the component. 
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Execute an external command 

Using this option, the router can start the component automatically. If you prefer to start the 
component from a command line, disable this option. 

Command line to run 

A default command runs the component automatically. You can modify it, if needed. 


O Note: 

Do not use the -B argument with this component. Since the IPS logger is already a daemon 
process, its children must not be daemons. 

Do not redirect output, because all output to STDOUT and STDERR are redirected to /dev/ 

null. 


Hostnames for this component 

This option specifies the hosts for which this component handles packets. Specify a host filter 
only if you want the component to be externally addressable. For example, if you want clients 
and other components or programs to communicate with it. This is because the mod_disco 
module in JSM uses host filters to return the component as something that is discoverable. 

Host Filters 

The host names or IP addresses for which you want this component to handle packets. 
Separate each host name or address with a line break. 

Host filters must be host names, or IPv4 or IPv6 addresses. If you use an IP address, the 
packet address must also use this IP address. 

IM Transcripts Web Service Configuration advanced parameters 
Run level 

The order in which this component shuts down. The runlevel must be an integer value greater 
than or equal to 0. Component shutdown is executed in reverse order of the specified runlevel; 
components with the highest level (typically 80) shut down first. 


O Note: 

Do not change the runlevel unless you know exactly what you are doing and understand the 
effects that changing it will have. The default runlevel is provided to help the system shut 
down as smoothly as possible, and is based on this component's dependencies upon other 
components. 

Timeout for shutdown 

The number of seconds that the server waits to receive acknowledgement from the component 
that the shutdown process has completed. If the component has not shut down by the time 
this time period has elapsed, the router leaves the process in its current state and continues 
shutting down other processes. 

Number of packets buffered when component is down 

The number of packets bound for the component that must be buffered if the component goes 
down. 


Bounce error packets to stderr 

Enables the router to send warnings to stderr when the component is down. 
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Buffer size in bytes for outgoing data 

The number of bytes the router must buffer when it sends information to the component. You 
may want to modify this element when working on performance enhancements. 

Buffer size in bytes for incoming data 

The number of bytes the router must buffer when it receives information from the component. 
You may want to modify this element when working on performance enhancements. 

IM Transcripts Component Configuration 
Start command 

The command used to start the Web service container. This may contain command line 
arguments. 

Stop command 

The command used to stop the Web service container, this may contain command line 
arguments. 

Database Driver 

JDBC driver the Web service use 

Database URL 

The URL used to connect to the database where the IM transcripts are stored. 

Database User Name 

The user name for the database where the IM transcripts are stored. 

Database Password 

The password associated with the Database user name. 


Connection Manager configuration 

Using Connection Manager, IM clients and external servers can connect to the XCP server. 
You can configure multiple instances of the Connection Manager to increase the number of 
connections your server can handle, configure multiple instances of Connection Manager. This 
also facilitates communication over different protocols. At the time of server installation, 
Connection Manager is already configured to handle XMPP connections from IM clients. You 
can configure additional Connection Manager for other purposes. For example, to handle 
SMTP connections to redirect offline messages to an e-mail server. You can install multiple 
Connection Managers on your primary XCP server. You can also install them on remote 
servers as described in Deploying Remote Connection Managers. 

Avaya strongly recommends that you configure a separate Connection Manager to handle 
each different communication task rather than configuring one Connection Manager to do 
everything. The reasons for this include: 

• Scalability. Each Connection Manager has a maximum number of connections that it 
can handle. For example, the client Connection Manager can handle only 10,000 
concurrent client connections. Yoursystem can handle more client connections if you add 
additional client Connection Managers. 
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O Note: 

More than 10,000 connections can cause operational difficulties and may result in 
hindered performance. 

• Different communication protocols. Avaya recommends that you configure a separate 
Connection Manager to handle each communication protocol that you plan to use. For 
example, if you want to configure an SMTP Connection Manager to handle offline 
messages, add a Connection Manager strictly for this purpose rather than adding another 
JSM command processor to the default client Connection Manager. 

• Redundancy. Configuring separate Connection Managers also helps to ensure that you 
experience as few communication problems as possible. If the system on which one 
Connection Manager is installed fails, other systems can pick up the slack. 

Related topics: 

Connection Manager on page 133 

Configuring the basic Connection Manager on page 134 

Simple Authentication and Security Layer (SASL) on page 136 


Connection Manager 

At the time of the Presence server installation, Connection Manager is configured by default. 
The following figure depicts the default Connection Manager running a JSM command 
processor to connect the Presence server to IM clients. 
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Configuring the basic Connection Manager 

The following instructions describe how to configure the Connection Manager (CM) using the 
parameters provided in the Basic configuration view of the controller. These parameters are 
sufficient to configure an operational CM. For descriptions of all of the CM parameters, see 
Connection Manager Parameter Reference. The command processors that you can configure 
within the Connection Manager are described in separate chapters. 

Procedure 

1. Change to the controller’s Basic configuration view 
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2. To add a Connection Manager, click Go in the Components area on the main page 
of the controller. 



System 
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Components 
Add a new 


3. In the Connection Manager Configuration page, change the Description so that it 
describes this particular CM. 

4. Under Add a New Command Processor, select a command processor in the list, 
and then click Go. 

The command processors are described as follows: 

• JSM Command Processor: Connects the XCP server to IM clients. 

• S2S Command Processor: Enables XCP servers to communicate with each 
other server-to-server (S2S) across domains. 

• Web Command Processor: Handles HTTP requests, and translates and 
transfers data between IM clients and the XCP router over the Web. 

• SMTP Command Processor: Redirects offline messages to an e-mail server. 
Offline messages are IM messages that are sent to a client while the client is 
offline. 
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XCP Controller - presence 


[Home] [Logoff] 
Help 


Connection Manager Configuration 


Connection Manager 

ID cm-2.presence 

Description Connection Mender 

Connection Manager Configuration 
Add a New Command Processor 

Add new Items by selecting from the drop down and clicking 
GO'. 


Add a new 


JSM Command Processes v 

Name 

Actions 

S2S Command ProcatK* 



Waft Command Pioct\ux 

SMTP Command Processor 

i rc^n 






Remove 


Fields marked with a * require values 
Help 


5. When you finish configuring the command processor and return to the Connection 
Manager Configuration screen, click Submit to save your configuration. 


Simple Authentication and Security Layer (SASL) 

Presence Services uses the Simple Authentication and Security Layer (SASL) framework for 
the data security and user authentication. SASL uses a number of mechanisms for the 
authentication process, such as EXTERNAL, ANONYMOUS, and DIGEST-MD5. Presence 
Services use the DIGEST-MD5 mechanism to authenticate XMPP clients. In the DIGEST-MD5 
mechanism, the system accepts MD5 hash instead of a user name and password to 
authenticate the clients. MD5 hash is a hexadecimal number. 

Key features of DIGEST-MD5 authentication are: 

• Presence server supports only DIGEST-MD5 mechanism for the SASL authentication. 

• A cluster deployment does not support a heterogeneous configuration. In a 
heterogeneous configuration, you can set the SASL feature on more than one Presence 
Services nodes. 

• SASL authentication is limited only to an XMPP interface. A SIP interface shares a trusted 
secure link with Session Manager. 

0 Important: 

All endpoints must support the SASL feature. For an endpoint to be functional, the endpoint 
must support the SASL feature. 

Related topics: 

Configuring DIGEST-MD5 authentication using SASL on page 137 
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Configuring DIGEST-MD5 authentication using SASL 
About this task 

If you enable the DIGEST-MD5 authentication using SASL, you do not need to provide the 
username and password at the time of authentication. 

Procedure 


1. Log in to Presence Services XCP Controller Web interface. 

2. On the Presence Services home page, select the Advanced configuration view. 

3. In the Components area, select the connection manager component, and click 

Edit. 

The system displays the Connection Manager Configuration page. 

4. In the Add a New Command Processor section, click Details next to the command 
processor. 

Add a” New Command Processor ~ " w u 

Add new items by selecting from the drop-down and clicking 'GO'. 

Add a new [jsi 


Name 

Actions 


cm-1Jsmcp-1.presence 

Details 

JSM Comm; 


0 Component Logging (Jlog) 


In the JSM Command Processor section, click Details. 

ISM - CommancTProcessbr ’ '—■~~ .. 

id 

Description 

Director Configuration 

Add new items by selecting from the drop-down and clicking 'GO* 

Add a new 


Name 

Actio! 

cm-1Jsmcp-1_xmppd-1. presence 

Details • 

cm-1Jsmcp-1_xmppd-2.presence 

Details J 


JSMCP Configuration 


*- * r —A. 




The system displays the XMPP Director Configuration page. 

6. In the XMPP Director section, do the following: 

a. Select the SASL Settings check box. 

b. In the SASL Realm field, enter the name for the SASL realm. For example, 

ps.avaya.com. 
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0SASL Settings 

SASL Realm 

Maximum number of authentication attempts 
Enable XMPP Stream Compression 




© Important: 

Ensure that the value for the SASL Realm field matches with the Router 
Service Name of Presence Services or with the domain name of the XMPP 
handle. 

7. To save the changes, click Submit. 

8. Repeat step five to seven for all XMPP Directors. 

9. On the JSM Command Processor Configuration page, click Submit. 

10. On the Connection Manager Configuration page, click Submit. 

11. Click Stop the System and then click Start the System to restart the Presence 
server. 


© Note: 

In a cluster deployment, repeat these steps for each Presence Services node. 


Connection Manager parameter reference 


Related topics: 

Connection Manager basic parameters on page 138 
Connection Manager intermediate parameters on page 139 
Connection Manager advanced parameters on page 140 


Connection Manager basic parameters 

Description 

The description is displayed in the Components area on the controller’s main page and should 
help you distinguish between components of the same type when you have more than one 
configured. You can change the description as needed. 
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Add a New Command Processor 

Select a command processor in the list and click Go to gain access to its configuration page. 

JSM Command Processor. Connects the XCP server to IM clients. S2S Command Processor. 
Enables XCP servers to communicate with each other across domains. S2S stands for Server- 
to-Server. 

Web Command Processor. Handles HTTP requests, and translates and transfers data 
between IM clients and the XCP router over the Web. 

SMTP Command Processor. Rredirects offline messages to an email server. Offline messages 
are IM messages that are sent to a client while the client is offline. 


Connection Manager intermediate parameters 

Router outbound connection information 

Enables the Presence Services router to connect to the component. For example, if the 
component is running outside your firewall, using this option, the router can connect to the 
component safely rather than introducing security risks by letting the component connect to it. 
By default, components connect to the router using the routers Master Accept Port. 

Component IP 

The IP address or host name of the system on which the component is installed. 

Port 

The port that the component uses for communications. 

Password 

The password that the router uses to authenticate the component. 

Execute an external command 

Using this option, the router can start the component automatically. If you prefer to start the 
component from a command line, disable this option. 

Command line to run 

A default command runs the component automatically. You can modify it, if needed. 


0 Note: 

Do not use the -B argument with this component. Since the IPS logger is already a daemon 
process, its children must not be daemons. 

Do not redirect output, because all output to STDOUT and STDERR are redirected to /dev/ 

null. 

Hostnames for this component 

This option specifies the hosts for which this component handles packets. Specify a host filter 
only if you want the component to be externally addressable. For example, if you want clients 
and other components or programs to communicate with it. This is because the mod_disco 
module in JSM uses host filters to return the component as something that is discoverable. 
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Host Filters 

The host names or IP addresses for which you want this component to handle packets. 
Separate each host name or address with a line break. 

Host filters must be host names, or IPv4 or IPv6 addresses. If you use an IP address, the 
packet address must also use this IP address. 

Maximum number of sockets 

The maximum number of sockets for this CM across all client and SMTP connections. For 
example, if you have 10,000 clients who can connect to the server, enter 10,000 for the number 
of sockets. We recommend a maximum of 10,000 clients per CM. 

This number does not include the sockets used by the processors to connect to the core 
router. 

Component Logging (Jlog) 

Enables to configure filtered level loggers that log messages to syslog and to a stream (stderr 
or stdout). You can enable either or both the syslog and stream loggers. These parameters 
are displayed in the controller’s Intermediate and Advanced configuration views. 

SNMP Configuration 

Select this option if you want to configure SNMP for the component. 

Enable SNMP 

Leave this parameter set to Yes. 


Connection Manager advanced parameters 

Runlevel 

The order in which this component shuts down. The runlevel must be an integer value greater 
than or equal to 0. Component shutdown is executed in reverse order of the specified runlevel; 
components with the highest level (typically 80) shut down first. 


C Note: 

Do not change the runlevel unless you know exactly what you are doing and understand the 
effects that changing it will have. The default runlevel is provided to help the system shut 
down as smoothly as possible, and is based on this component's dependencies upon other 
components. 

Timeout for shutdown 

The number of seconds that the server waits to receive acknowledgement from the component 
that the shutdown process has completed. If the component has not shut down by the time 
this time period has elapsed, the router leaves the process in its current state and continues 
shutting down other processes. 

Number of packets buffered when component is down 

The number of packets bound for the component that must be buffered if the component goes 
down. 


140 Administering Avaya Aura® Presence Services October 2013 

Comments? infodevt&avava.com 



Configuring Presence Components 


Bounce error packets to stderr 

Enables the router to send warnings to stderr when the component is down. 

Buffer size in bytes for outgoing data 

The number of bytes the router must buffer when it sends information to the component. You 
may want to modify this element when working on performance enhancements. 

Buffer size in bytes for incoming data 

The number of bytes the router must buffer when it receives information from the component. 
You may want to modify this element when working on performance enhancements. 

Send keepalives 

Enables the router to send keep-alives to the component. The keep-alive helps prevent 
firewalls from dropping an unused connection to the component. If this option is set to No, 
keep-alives are disabled. 

Log the delivery of packets to this component 

Enables to log the data that the router delivers to the component. The information is logged to 
the loggers you set up during Presence Services Logger configuration (syslog, file, or stderr). 
Socket-level logging happens only at the debug level. 

Maximum interval in seconds to wait before restarting component 

The maximum number of seconds after which the router tries to restart the component. If the 
component goes down, the router tries to restart it after 1 second. If the component does not 
start, the router multiplies the wait time by 1.5, and tries again. Once the maximum time interval 
that you specify for this parameter is reached, the router continues to retry after waiting this 
amount of time. 

Maximum number of times to restart component 

The total number of restarts allowed. The default setting, -1, means unlimited. 

Interval in seconds at which to reset this value to 1 second 

The number of seconds that the component has been up and running, after which to set the 
restart time back to 1 second. 

Path to binary 

The directory path to the shell that launches the component. You can change the default setting 
if needed. 

Maximum size of threadpool 

The number of concurrent threads of execution to use to process client and SMTP connections. 
The default setting of 3 should be sufficient for most environments. However, if you have 
numbers of users approaching 10,000, you might want to change this value to 4 or 5. 

This number does not include the threads used to talk to the XCP core router. 

User to run the CM as 

If you want to listen on a port lower than 1024, you must be logged in as root user. For example, 
to listen on port 80, open the port as a root user. However, to listen to traffic more securely 
than as root, change your user ID to a nonroot ID immediately thereafter. Using this parameter, 
you can specify the user ID to which you want the CM to switch from root user as soon as the 
Connection Manager starts listening. 
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To listen on more than one port at the same time, such as 80 and 443, you must set up two 
Connection Managers, one to listen on each port. 

Add a new custom logger 

If you create a custom logger for logging component information using the libjcore library, click 
Go to access the Custom Logger Configuration page. 

Count errors 

Enables SNMP error counting. 

€ Note: 

This option takes a great deal of server resource. Therefore, use it with caution. 


Connection configuration for an IM client 

The JSM Connection Manager establishes connections with IM clients. The JSM Connection 
Manager contains a JSM Command Processor (JSMCP), which can be configured with one 
of three different directors - XMPP, HTTP binding, or polling - depending on the type of client 
being used and the type of connection you want to use to connect to it. Each director receives 
data over a socket from a client, converts the protocol into a form that the JSM Command 
Processor can understand, and sends it to the JSMCP. The JSMCP then sends the data to 
the XCP router, which sends it on to its final destination. 

A Warning: 

You must add a Connection Manager for an IM client in the supervision of an Avaya Support 
personnel. 

Related topics: 

XMPP connection configuration on page 142 
Configuring XMPP director on page 143 

XMPP director and HTTP Binding Director parameter descriptions on page 143 
Adding XMPP Collector user handles on System Manager on page 144 


XMPP connection configuration 

The Connection Manager runs by default when you install the XCP server. It is configured with 
a JSM Command Processor and two XMPP directors. The XMPP directors handle 
communication with IM clients. One of the directors is configured to use port 5222 and the 
other is configured to use port 5223 for secure communications. 
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Configuring XMPP director 

Procedure 

1 . On the JSM Command Processor Configuration page, under Director 
Configuration, click Details beside one of the existing directors if you want to 
change its configuration. 

The first director listed is configured to listen on port 5222, and the second director 
listens on port 5223. 

2. On the XMPP Director Configuration page, change the default settings only if 
needed. 

3. Click Submit in each configuration page until you return to the main page of the 
controller. 


XMPP director and HTTP Binding Director parameter descriptions 

IP address of external channel 

The IP address of the external channel on which this director listens for connections from IM 
clients. By default, the IP address is set to that of the server on which this Connection Manager 
is running. 

Port 

The port that the component uses for communications. 

Timeout for response 

The maximum number of seconds that the HTTP binding director waits to respond to a request 
from the client. 

Timeout for client inactivity 

The maximum number of seconds that a client can be inactive before the HTTP connection 
shuts down. 

Shortest allowable polling interval 

The shortest allowable polling interval (in seconds) after which the client may send a polling 
request. If polling requests are sent in shorter time intervals, the HTTP connection shuts 
down. 

Maximum simultaneous requests from client 

The number of simultaneous requests that the client can make with the requests attribute. The 
recommended value is 2, which is the default setting. If a client makes more simultaneous 
requests than the number specified here, the HTTP connection shuts down. 
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Adding XMPP Collector user handles on System Manager 

Before you begin 

Ensure that the Presence domain is Router Service Name on Presence Services. 

About this task 

The system creates the Avaya XMPP handle automatically. You must add the Other XMPP 
handle manually. 

Procedure 

1. Log on to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management > Manage Users > 
New. 

The system displays the New User Profile page. 

3. On the Identity tab, enter the following details: 

• Last Name. The last name of the user. 

• First Name. The first name of the user. 

• Login Name. The login name of the user, for example, 
userloginname@domain.com. 

The Login Name domain of the user must match the Domain Substitution rule so 
that the converted domain matches the Presence domain. 

4. Click the Communication Profile tab. 

5. In the Communication Address section, click New. 

6. In the Type drop-down box, select Other XMPP. 

7. In the Fully Qualified Address: field, enter a handle. 

8. In the @ field, enter the domain name. 

9. Click Add. 

10. To save the changes, click Commit. 


HTTP binding director configuration 

The HTTP Binding Director is used for configuring connections to the Presence Messenger for 
the Web client. The HTTP binding feature complies with XEP-0124: HTTP Binding. The 
following figure illustrates the HTTP binding connection configuration. 
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HTTP binding connections wrap XMPP traffic in HTML, enabling XEP-0124-compliant, Web- 
based clients to gain access to the XCP server without requiring any changes to network or 
firewall settings. 

The process for configuring an HTTP binding connection involves adding a new Connection 
Manager to your XCP server, configured with a JSM Command Processor with an HTTP 
Binding Director, and a Web Command Processor with an HTTP Director and an HTTP Binding 
Handler. 

Related topics: 

Configuring the HTTP binding director on page 145 
Web Command Processor on page 145 
Configuring a Web Command Processor on page 146 


Configuring the HTTP binding director 

About this task 

The HTTP Binding Director interprets HTTP-wrapped XMPP packets, strips off the HTTP 
wrapper, and forwards the packets to the JSM. 

Procedure 

1. Using the Basic configuration view of the controller, add a new Connection Manager 
and configure it with a JSM Command Processor. 

2. In the JSM Command Processor Configuration page under Director Configuration, 
click Remove beside the two existing XMPP directors to delete them. 

3. Select HTTP Binding Director in the list, and then click Go. 

4. In the HTTP Binding Director Configuration page, accept the default settings or 
change them as needed. 

5. To save your configuration, click Submit . The system displays the JSM Command 
Processor Configuration page. 

6. To save the JSM Command Processor configuration, click Submit again. You are 
returned to the Connection Manager Configuration page. 


Web Command Processor 

After you configure the JSM Command Processor with the HTTP Binding Director, configure 
a Web Command Processor in the same Connection Manager. The Web Command Processor 
can be configured with an HTTP director and an HTTP binding handler, which work in 
conjunction with the JSM Command Processors HTTP Binding Director. The HTTP binding 
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handler intercepts XEP-124-compliant packets and forwards them to the HTTP Binding 
Director. 


Configuring a Web Command Processor 

Procedure 

1. Change to the Advanced configuration view of the controller. 

2. On the Connection Manager Configuration page under Add a New Command 
Processor, select Web Command Processor in the list, and then click Go. 

3. On the Web Command Processor Configuration page under Director 
Configuration, click Go to add an HTTP director. 

4. To configure the HTTP director, use the online help or accept the default settings. 

5. Click Submit to save the director. 

6. On the Web Command Processor Configuration page under Handlers, select 
HTTP Binding Handler in the list, and then click Go. 

7. On the HTTP Binding Handler Configuration page, change the Path, if needed, or 
accept the default setting, /httpbinding. The Path is the HTTP URI path on 
which this handler listens for HTTP binding traffic. For example, in the URI, http: // 

www. example . com: 7300/httpbinding, the path is /httpbinding. 

8. Tto save your configuration, click Submit. 

The system displays the Web Command Processor Configuration page. 

9. In the Web Command Processor Configuration page, click Submit. 

The system displays the Configuration Manager Configuration page. 

10. On the Connection Manager Configuration page, perform any additional 
configuration if needed. To save your configuration, click Submit. 

G Note: 

No additional configuration is required. You can submit the Connection Manager 
using its remaining default settings. 


Polling Connection configuration 

This section provides instructions for configuring the HTTP polling director in the JSM 
command processor. With HTTP polling connections, you can use HTTP clients, and IM users 
can access your XCP server without requiring any changes to network or firewall settings. 
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The following figure illustrates the Connection Manager that WebClient uses to connect to the 
XCP server using polling XMPP over HTTP. The polling director uses HTTP to communicate 
over firewalls using port 80. 
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Related topics: 

HTTP polling connection configuration on page 148 

Configuring HTTP polling connection on page 148 

Server-to-Server connections on page 149 

S2S Connection Manager configuration on page 150 

Configuring an OpenPort Connection on page 151 

Configuring OpenPort on page 152 

Configuring the dialback password on page 152 

Hosts and IP Addresses for blacklists and whitelists on page 153 

Blacklisting and Whitelisting Hosts and IP Addresses on page 153 

Packet handling for blacklisted hosts on page 154 
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HTTP polling connection configuration 


Parameter 

Description 

IP address of external channel 

IP address of external channel. 

Port 

Port number. 

0 Note: 

Enter 8080. If you want to start the CM as root 
user, you must use port 80 or 443. 

SSL Settings 

Configures secure socket layer settings to enable 
this director to establish a secure connection with 
the server. 

0 Note: 

The XCP server does not support private keys 
for SSL certificates that have pass phrases. If 
you have a pass phrase or encrypt your private 
key, your private key/public certificate pair will 
not load into XCP. 

Root directory for files served to 

Root directory on the XCP server that contains the 

WebClient 

files served to WebClient. 


Configuring HTTP polling connection 

This section provides instructions for configuring the HTTP polling director using the 
parameters provided in the Intermediate configuration view of the controller. These parameters 
are sufficient to configure an operational director. 

Procedure 

1. Change to the Intermediate configuration view of the controller. 

2. In the JSM Command Processor Configuration page, select Polling Director > 
Go . 

3. Configure the parameters using the HTTP polling connection configuration field 
descriptions. 

4. To save the polling directors configuration, click Submit. 

The system displays the JSM Command Processor Configuration page. 

5. Click Submit on the JSM Command Processor Configuration page. 

The system displays the Connection Manager Configuration page. 
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6. In the Connection Manager Configuration page, perform any additional 
configuration if you want, then click Submit to save your configuration. 

© Note: 

No additional configuration is required. You can submit the CM using its 
remaining default settings. 


Server-to-Server connections 

Using the Server-to-Server connection manager (S2S CM), XCP servers can communicate 
with remote servers across domains. It also supports the dialback protocol, which determines 
whether or not to trust a connection from another server. 

The following figure illustrates the S2S CM configuration. 
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S2S Connection Manager 


S2S Comman 

d Processor 

XMPP Incoming 
Director 

XMPP Outgoing 
Director 

XMPP in 
Transcoder 

XMPP Out 
Transcoder 



S2S Connection Manager configuration 

The S2S CM is configured with an S2S command processor, which contains an XMPP 
incoming director and an XMPP outgoing director for XMPP server-to-server communications. 
Using these directors, you can blacklist and whitelist specific hosts that are inside or outside 
of your XCP system. The incoming director handles incoming packets that are being sent to 
the XCP router from remote servers; the outgoing director handles packets that are being sent 
from the router to remote servers. 

Avaya recommends that you configure a new separate server-to-server connection manager 
in order to maximize the efficiency with which the XCP server can handle S2S 
communication. 

The default rules are configured as follows, where n is the number of the CM. 
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Director ID 

DNS SRV lookup 

Port 

cm-n 

_s2scp-1_xmppsoutd-1 

_xmpp-server._tcp 


cm-n 

_s2scp-1_xmppsoutd-1 

Jabber._tcp 


cm-n 

_s2scp-1_xmppsoutd-1 


5269 


Each time a new outbound connection is required, the S2SCP goes through the rules asking 
the specified director to attempt the outgoing connection. If a director successfully establishes 
a connection, then that director will always handle stanzas bound for that particular host. 
Otherwise, the S2SCP asks the next director (using the defined rules) to attempt an outbound 
connection for the host. 

You only need to add a new rule if you want to change how the DNS lookups happen for 
outbound servers. 


Configuring an OpenPort Connection 

Procedure 

1. Change to the Intermediate configuration view of the controller. 

2. In the Components area on the main page of the controller, select OpenPort in the 
list, and click Go. 

3. Enter the S2S Command Processors ID, without the realm , as the ID of the 
OpenPort. For example, cm-2_s2scp-l. 

4. The OpenPort must use the opposite connection type than that used by the S2S 
command processor. If you used the default connection type of connect for the S2S 
command processor, skip to step 5. 

If you configured the S2S command processor with an accept connection type, you 
must select the Router Outbound Connection Information option for the 
OpenPort, and specify the same Component IP, Port, and Password that you used 
for the command processor. 

5. Under Hostnames for this Component, enter a host filter to allow packets destined 
for external domains to reach the S2S command processor. In most cases, you 
should enter an asterisk (*) in the Host Filters text box. 

6. Click Submit to save your configuration. 

7. Restart your XCP system. 


Administering Avaya Aura® Presence Services 


October 2013 


151 




Configuring Presence Services components 


Configuring OpenPort 

You must configure an OpenPort connection to enable the AFT Handler to connect to the 
router, in addition to providing the information in the Advanced File Transfer Handler 
Configuration page. 

Procedure 

1. In the Components area on the controller’s main page, select OpenPort from the 
list, and then click Go. 

2. When you are prompted for an ID for the OpenPort, enterthe ID of the AFT Handler 
without the realm. For example, cm-2_webcp-l. aft. 

3. Click OK to display the OpenPort Configuration page. 

4. Change the Description to AFT Open Port (or to something similar). 

The OpenPort must use a connection type that is opposite the one used by the AFT 
Handler. If you use the default connection settings for both the AFT Handler and 
the OpenPort, you do not have to change the OpenPorts connection type. 

If you configured the AFT Handler to use an accept connection type and therefore 
must change the OpenPorts connection type to connect, select the Router 
Outbound Connection Information option, and specify the same component IP, 
port, and password configured for the AFT handler. 

5. In the Hostnames for this Component text box, enterthe AFT handlers host name. 

For example, aft. example . com. 

6. Click Submit to save your configuration. 

7. Click Submit in the Web Command Processor and Connection Manager 
Configuration pages to return to the controller’s main page. 

8. Restart your XCP system. 


Configuring the dialback password 

About this task 

The S2S CM supports the dialback protocol, which determines whether or not to trust a 
connection from another server. 

Procedure 

1. Change to the Intermediate configuration view of the controller. 
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2. In the Dialback Secret box, enter the password used to prove the authenticity of 
another server. 

By default, the dialback secret is set to the XCP routers password. If you have 
multiple S2S command processors in your XCP system, they must all have the 
same dialback secret. 


Hosts and IP Addresses for blacklists and whitelists 

If you want to blacklist and whitelist certain hosts and IP addresses from sending and receiving 
packets, you can configure one or more of the authorized outgoing and incoming, to and from 
addresses.Using these four configuration options displayed in the Intermediate configuration 
view of the controller, you can specify exactly which hosts and IP addresses may or may not 
send or receive incoming or outgoing packets. 

Each authorization option has a Default behavior parameter, which controls the way your 
system handles packets for all hosts or IPs except for those listed under Host Filters and IP 
addresses. Specified hosts and IP addresses behaves in a manner opposite to the default 
behavior. 


Blacklisting and Whitelisting Hosts and IP Addresses 

Procedure 

1. Change to the Intermediate configuration view of the controller. 

2. Configure one or more of the following authorization options: 


Authorized Outgoing 
From Addresses 

Using Authorized Outgoing From Addresses, you 
can specify the hosts and IP addresses within your 
organization from which outgoing packets can be 
sent. If you set the default behavior to allow, all hosts 
and IPs except for those listed are allowed to send 
outgoing packets. If you set the default behavior to 
deny, only the listed hosts and IPs can send outgoing 
packets. Outgoing from addresses are usually paired 
with incoming to addresses. 

Authorized Outgoing To 
Addresses 

Using Authorized Outgoing To Addresses, you can 
specify the hosts and IP addresses to which users 
within your organization can send outgoing packets. 
If you set the default behavior to allow, users can 
send packets to all hosts and IPs except for those 
listed. If you set the default behavior to deny, users 
can send packets only to the hosts and IPs listed. 
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Outgoing to addresses are usually paired with 
incoming from addresses. 

Authorized Incoming 
From Addresses 

Using Authorized Incoming From Addresses, you 
can specify the hosts and IP addresses from which 
incoming packets can be received by users in your 
organization. If you set the default behavior to allow, 
users can receive packets from all hosts and IPs 
except for those listed. If you set the default behavior 
to deny, users can receive packets only from the 
hosts and IPs listed. Incoming from addresses are 
usually paired with outgoing to addresses. 

Authorized Incoming To 
Addresses 

Using Authorized Incoming To Addresses, you can 
specify which hosts and IP addresses within your 
organization can receive incoming packets. If you set 
the default behavior to allow, all hosts and IPs except 
for those listed can receive packets. If you set the 
default behavior to deny, only the listed hosts and IPs 
can receive packets. Incoming to addresses are 
usually paired with outgoing from addresses. 


Packet handling for blacklisted hosts 

The following figure illustrates the handling of packets that are sent to or received from 
blacklisted hosts. 
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S2S Command Processor Parameter Reference 

S2S Command Processor basic parameters 

Description 

The description displays in the list of command processors on the Connection Manager 
Configuration page. 

Director Configuration 

The directors are described as follows: 
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XMPP Incoming Server Director handles incoming packets that are being sent to the XCP 
router from remote servers. 

XMPP Outgoing Server Director handles outgoing packets that are being sent from the XCP 
router to remote servers. 

Component IP 

If you are using the default connection type of connect, shown in the Advanced configuration 
view, enter the IP address or the FQDN of the server where the Connection Manager is 
installed. The CMs IP address is provided by default. 

If you change to an accept connection type, enter the IP address or the FODN on which the 
XCP router listens for the command processor. 

Port 

If you are using the default connection type of connect, shown in the Advanced configuration 
view, enter the port that this command processor uses for communication. By default, the port 
is set to the Master Accept Port that is specified during XCP server installation. 

If you change to an accept connection type, enter the port on which the XCP router listens for 
the command processors connection. The router allows only a single connection over this port 
at a time. Therefore, multiple versions of the command processor cannot connect to the same 
port. 

Password 

The password that the XCP server uses to authenticate the command processor. 

Outgoing Connection Attempt Rules 

Outgoing Connection Attempt Rules Three rules are supplied by default. They specify the order 
and DNS lookup properties for each outbound director. By default, these three rules are 
configured with the ID of the XMPP Outgoing Server Director. However, if you add another 
director, you must edit the rules or add additional ones, and specify the ID of the director to 
which the rules apply. 


S2S Command Processor intermediate parameters 

Dialback Secret 

The password used to prove the authenticity of another server. AH S2S control processors for 
a single XCP system must have the same dialback secret. 

The XCP server uses dialback to verify that a connection between two servers is trusted. One 
XCP server uses DNS to verify that a connecting XCP server is authorized to represent a given 
network. Dialback prevents the connecting server from spoofing a particular server name and 
sending false data. Although the dialback protocol resembles reverse DNS or IP lookups, it is 
more complex, since it must accommodate server farms and complex environments. 

For example, when server A attempts to connect to server B, it sends an XML stream to see 
if server B supports the dialback protocol. Server B returns a stream indicating that it does. 
Server A then sends a dialback key to server B. Server B now dials back and initiates a separate 
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connection to server A using a DNS/host name lookup to connect to the correct server. Server 
B returns the dialback key over the second connection. If server A can confirm the key, the 
dialback is successful. 

For a complete description of dialback, see the Internet Engineering Task Force (IETF) 
documentation of the protocol: http://www.ietf.orq/ids.bv.wq/ xmpp.html . 

Authorized Outgoing From Addresses 

Outgoing from addresses are hosts or IP addresses within your organization from which 
outgoing packets may be sent. Outgoing from addresses are normally paired with incoming to 
addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 

Authorized Outgoing To Addresses 

Outgoing to addresses are hosts or IP addresses to which people or entities in your 
organization may send outgoing packets. Outgoing to addresses are normally paired with 
incoming from addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 

Authorized Incoming From Addresses 

Incoming from addresses are hosts or IP addresses from which people or entities in your 
organization may receive incoming packets. Incoming from addresses are normally paired with 
outgoing to addresses. 
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Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 

Authorized Incoming To Addresses 

Incoming to addresses are hosts or IP addresses in your organization that cannot receive 
incoming packets. Incoming to addresses are usually paired with outgoing from addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 

Number of outgoing connection attempts 

The number of times to try making an outbound connection. 

Seconds to wait between connection attempts 

The number of seconds to wait between connection attempts. 

IP Addresses to Prevent Loopback Connections 

The address of any S2S Command Processor that listens for incoming packets. 

Administrators JIDs 

Enter the JIDs of those you want to enable to query the S2S Command Processor. 

The S2SCP can be queried from a client that supports the Service Discovery protocol 
described in XEP-0030. 

Queries must be sent to the S2SCPs ID.realm; for example, cm-2_s2scp-i .denver. 

Users who can discover/view s2s connections 

The users who can query the S2S Command Processor for a list of connected hosts. 
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S2S Command Processor advanced parameters 

Connection Type 

With a connect connection type (the default setting), the router connects to the component. 

With an accept connection type, the router opens a specific port and listens on that port for a 
connection from the component. 

For the Open Port, you must configure a connection type that is opposite the type configured 
for the S2SCP. Therefore, if you use the accept connection type for the S2SCP, you must 
configure the Router Outbound Connection Information parameters for the Open Port. 

Timeout for failed outgoing cache (seconds) 

The number of seconds after which the cache table is cleared. This table must be cleared 
periodically to prevent DOS attacks and to prevent a temporarily unresolvable host name from 
becoming permanently unresolvable. The default setting is 1800 seconds. 


XMPP federation 


Overview - XMPP federation 

Avaya Aura® Presence Services provides presence and IM services to Avaya Aura® users that 
are hosted by a single Presence server or a clustered Presence server. Through XMPP 
federation, Presence Services provides presence and IM services to Avaya Aura® users that 
are hosted on a non-clustered Presence server and users that are hosted by a third-party 
XMPP server. Openfire is an example of a third-party XMPP server. 

Avaya Aura® Presence Services federation is certified with Ignite Realtime Openfire servers. 
For more information about Ignite Realtime, see http://www.iqniterealtime.org/proiects/ 
openfire/ . You can have federation between Presence Services and third-party XMPP servers 
that conform to IETF XMPP and Server to Server (S2S) standard. 

Similarly, the Presence Services federation is certified between Avaya Aura® with Avaya one- 
X® Communicator clients that are hosted by Presence Services and federated users with 
popular third-party chat clients that are hosted by an Openfire server. Pidgin, Pandion, and 
Gajim are examples of third-party chat clients. The federation with any XMPP-compliant client 
that connects to an Openfire server should be seamless. 

Related topics: 

The Presence server and XMPP federation architecture on page 159 

The Presence server and XMPP federation architecture 

The deployment of Presence Services with Openfire includes the following components: 
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• Avaya Aura® Presence Services. 

• XMPP S2S. Server to Server connection. 

• Optional, Avaya Aura® Session Manager. 

• Avaya Aura® System Manager. 

• Avaya clients. Avaya one-X® Communicator SIP and H.323. 

• Third-party server. An example of a third-party server is Openfire. 

• Openfire clients. 


Session Manager 


One-X 

Communicator-SIP 



XMPP and Presence server architecture shows the network view of Presence Services and 
Openfire. Presence Services and Openfire use the XMPP S2S connection to exchange the IM 
and presence information. The Avaya One-X Communicator H.323 clients establish an XMPP 
connection with Presence Services for exchanging the IM and presence information. The 
Avaya one-X® Communicator SIP clients establish an XMPP connection with Presence 
Services for exchanging IMs and use the SIP messages to subscribe or publish the presence 
information using Session Manager. 

When an Avaya Aura® user, a watcher, adds a federated user, a presentity, as a contact, and 
the federated user publishes presence information, Presence Services converts the basic 
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XMPP presence information received from the Openfire server into a rich PIDF and sends 
presence information to the Avaya Aura® user. Conversely, when a federated user, who is a 
watcher, adds an Avaya Aura® user, a presentity, as a contact and the Avaya Aura® user 
publishes presence information, Presence Services converts the rich PIDF into basic XMPP 
presence information and sends presence information to the Openfire server. 

To configure the Avaya Aura® network, use System Manager. 

For Phase 1 federation, configure Aura and federated users within System Manager. For 
Phase 2 federation, configure only Aura users within System Manager. 


Federation solutions 

Presence Services supports the following federations: 

• Phase 1 federation. Includes clients that support only a few features for federated users. 
You can administer Phase 1 users through System Manager. 

• Phase 2 federation. Includes clients that support all features for federated users. In Phase 
2 federation, you can add users as contacts, favorites, buddies, and exchange IMs with 
external users. Also, it is not mandatory to administer the Phase 2 users through System 
Manager. 

O Note: 

Use Phase 2 federation if you want to support all features for federated contacts. 

Related topics: 

Phase 1 federation on page 161 
Phase 2 federation on page 162 
Federation availability calculation on page 163 

Phase 1 federation 

• Use Phase 1 federation if the federation includes Avaya clients that do not fully support 
federated users. 

• Follow the steps in the Presence Services and an Openfire server configuration 
section. 

• Follow the optional steps in the Adding XMPP Collector on page 174 section. 

• Use the Aura presence identifier to identify federated users. For example, a federated 
user with FQDN, UserA@openfire.com, must be configured in System Manager with the 
Other XMPP handle. FQDN of Other XMPP handle is UserA@openfire.com. According 
to the Domain Substitution rule, the system assigns an Avaya XMPP handle to the 
federated user, such as UserA@ps.avaya.com. When an Avaya user interacts with a 
federated user, the system identifies the federated user using the Avaya XMPP handle. 
In this example, the system identifies the federated user as UserA@ps.avaya.com. For 
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more information about XMPP handles, see Adding XMPP Collector user handles on 
System Manager on page 144. 

./user-default-policy-domain.sh -c ALLOW "openfire.com" 

• Apply Aura ACL settings. When a federated user adds an Aura user as a contact, the 
system applies the Aura ACL settings. You can configure ACL settings on System 
Manager or Presence Services. For instance, if you set ACL to Confirm, the system 
displays a confirmation message on the Aura client, and the federated user cannot see 
the presence of the Aura user until the Aura user allows the watcher to see presence. 
Conversely, if an Aura user adds a federated user as a contact, the system applies the 
ACL settings on the Openfire server or the third-party client or both. The Openfire server 
manages all such requests with the Confirm behavior. The Openfire server does not send 
the presence information of a federated user back to Presence Services. Instead, the 
Openfire server lets the third-party client apply its own ACL settings. 

If Aura User A tries to add Openfire User B as a contact, and the ACL policy on the client 
of Openfire User B is Confirm: 

- Openfire User B only receives one confirmation message, regardless of how many 
Aura users attempt to add User B as a contact. 

- Openfire User B does not receive a message to allow or deny User A that is 
attempting to add User B as a contact. Instead, Openfire User B is asked to allow 
or deny a Presence Services administrative user that is configured on the Openfire 
server. For more information, see Adding a user on an Openfire server on 

page 177. 

- Openfire User B receives the confirmation message when the following conditions 
are met 

• An XMPP Collector is configured on Presence Services. 

• A Server-to-Server connection is successfully established between the 
Presence Services and Openfire servers. 

• The federated user or the Openfire User is configured in System Manager. For 
more information, see Adding XMPP Collector user handles on System 
Manager on page 144. 


Phase 2 federation 

• Use Phase 2 federation if the Avaya clients fully support federated users. 

• Follow the steps mentioned in the Presence Services and an Openfire server 
configuration section. Except for the following steps that are not required in Phase 2 
federation: 

- Adding XMPP Collector. For more information, see Adding XMPP Collector on 
page 174. 

-Adding XMPP Collector user handles on System Manager. For more information, 
see Adding XMPP Collector user handles on System Manager on page 144. 
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• Use FQDN of an Aura user to identify federated users. For example, an Aura user 
interacts with a federated user using UserA@openfire.com to perform the following: 

- Add a user as a contact 

- Start an IM conversation 

- Exchange presence information 

• Apply ACL settings. ACL settings are intuitive. For example, if ACL is set to Confirm, then 
the system displays a confirmation message at the Aura client side. The message allows 
a federated user to exchange the presence information with an Aura user. If an Aura user 
adds a federated user as a contact, the system applies the ACL settings at the third-party 
client side. If Aura User A tries to add Openfire User B as a contact, and the ACL settings 
on the client of Openfire User B is set to Confirm, then: 

- Openfire User B receives a confirmation message for each Aura user that attempts 
to add User B as a contact. 

- Openfire User B is asked to allow or deny the actual user that attempts to add User 
B as a contact. 

- Openfire User B receives the confirmation message when Aura User A attempts to 
add User B as a contact. 

Federation availability calculation 

Presence Services provides Avaya clients with presence information that includes: 

• Rich state information that is conveyed in Presence Information Data Format (PIDF). 

• An overall presence state that displays the least-available condition. For example, if a 
user is logged on to multiple devices or channels, then Presence Services sends the 
overall presence state or information to the watchers. Multiple devices or channels can 
be as a phone, video, Enterprise IM, and Avaya application. 

Presence Services provides a consistent presence information in a federated deployment. For 
example, if an Openfire User B adds an Aura User A as a contact, then the system displays a 
similar presence information of User B to User A across devices or channels. 

0 Note: 

Some third-party clients adopt a different approach. For example, third-party clients without 
telephone capabilities might include a presence state that displays the mostly available 
condition. Such clients calculate or display the presence state on the user capability to start 
an IM conversation, rather than the current user state on a device or channel. 


Presence Services and an Openfire server configuration 

Presence Services configuration 

To configure XMPP on Presence Services, you must do the following: 
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• Optional. Configure an XMPP collector to exchange the presence and IM information 
between a user with an Avaya Aura endpoint and a user with a third-party endpoint that 
a third-party server hosts. For more information, see Adding XMPP Collector on 

page 174. 

• Optional. Configure a proxy user to represent a user with a third-party endpoint that is 
hosted by a third-party server. Presence Services the exchanges presence and IM 
information between an Avaya Aura endpoint user and the proxy user. For more 
information, see Adding XMPP Collector user handles on System Manager on 

page 144. 

• Add the Connection Manager component. For more information, see Configuring the 
basic Connection Manager on page 134. 

• Add the Open Port component. For more information, see Configuring OpenPort on 
page 152. 

Related topics: 

Adding Openfire server to the federation domain on page 164 

Adding Openfire server to the federation domain 
Procedure 

1. Log in to the Presence Services XCP Controller Web console (https : //<ip 
A ddress>: 7300/admin). 

2. On the Presence Services home page, select the Advanced configuration view. 
Under the Router area, in the Core Router (Global router settings) section, click 

Edit. 



The system displays the Global Settings Configuration page. 

3. On the Global Settings Configuration page, select the Federation Domains check 
box. 

4. In the Federation Domain(s) field, enter the Openfire domain details. 

5. To save the changes, click Submit. 
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Server-to-Server Connection Manager (S2S CM) 

Server-to-Server connections 

Using the Server-to-Server connection manager (S2S CM), XCP servers can communicate 
with remote servers across domains. It also supports the dialback protocol, which determines 
whether or not to trust a connection from another server. 


The following figure illustrates the S2S CM configuration. 


S2S Connection Manager 


S2S Comman 

d Processor 

XMPP Incoming 
Director 

XMPP Outgoing 
Director 

XMPP In 
Transcoder 

XMPP Out 
Transcoder 


Internet 


t 



\ 


Remote XMPP 



Remote Foreign 

Server 



Server 


S2S Connection Manager configuration 

The S2S CM is configured with an S2S command processor, which contains an XMPP 
incoming director and an XMPP outgoing director for XMPP server-to-server communications. 
Using these directors, you can blacklist and whitelist specific hosts that are inside or outside 
of your XCP system. The incoming director handles incoming packets that are being sent to 
the XCP router from remote servers; the outgoing director handles packets that are being sent 
from the router to remote servers. 


Administering Avaya Aura® Presence Services 


October 2013 165 































Configuring Presence Services components 


Avaya recommends that you configure a new separate server-to-server connection manager 
in order to maximize the efficiency with which the XCP server can handle S2S 
communication. 

The default rules are configured as follows, where n is the number of the CM. 


Director ID 

DNS SRV lookup 

Port 

cm-n 

_s2scp-1_xmppsoutd-1 

_xmpp-server._tcp 


cm-n 

_s2scp-1_xmppsoutd-1 

Jabber._tcp 


cm-n 

s2scp-1 xmppsoutd-1 


5269 


Each time a new outbound connection is required, the S2SCP goes through the rules asking 
the specified director to attempt the outgoing connection. If a director successfully establishes 
a connection, then that director will always handle stanzas bound for that particular host. 
Otherwise, the S2SCP asks the next director (using the defined rules) to attempt an outbound 
connection for the host. 

You only need to add a new rule if you want to change how the DNS lookups happen for 
outbound servers. 

Checklist for adding a new Connection Manager 

Ensure that you know the values for the following parameters: 


Component 

Description 

Notes 

✓ 

XMPP user 

The default federated user name 



Federated XMPP server 
Domain 

The domain that the federated 
XMPP servers use. 



Presence Services IP 
Address 

The IP address of the Presence 

server. 



Presence Services 

FQDN 

The Fully Qualified Domain Name 
(FQDN) of the Presence server. 




Adding and configuring Connection Manager 

Procedure 

1. Log in to the Presence Services XCP Controller Web console. 

2. In the Components section, from Add a new drop-down list, select Connection 
Manager, and then click Go. 
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The system displays the Connection Manager Configuration page. By default, the 
system displays a basic configuration view, select the advanced configuration 
view. 

O Note: 

On the Connection Manager Configuration page, in the Connection Manager 
section, you can rename the Description field to XMPP S2S Fed, for more 
clarity. 


Connection Manaqer Configuration 

- 1 

Connection Mnnagcr ^ 

to 

cm-2 presence a 

Description 

S2S Fed m 

Punlevel 

In - ... "1 1 

Timeout for shutdown 

so 1 f 

0 Component Properties 1 

Number of pockets buffered when component is down 


Bounce error pockets to stderr 

I 

□ Router Outbound Connection Information (i.e., Router connects to component) 1 

Component lb 

]• I 

Port 

=1- | 

Pessword 

. I 

Confirm Pessword 

1 

Buffer sue m bytes for outgoing dote 

Buffer sue «n bytes for mcomng dote ■ 

Send keep olives 1 

Log the delivery of pockets to th*s component 

a 

(Otsebie this opbon for loggng components such os the Messege Archiver.) 1 

0 Execute an External Command 

Meximum ntervel in seconds to woit before restoring component 

50 1 

Moximum number of times to res tort component 

P=1 I 

Intervel m seconds ot which to reset this volue to I second 

Command line to run 1 

Poth to bmery 

_* M 

Commend kr»e to run 

exec /opt/Aveyo/Preeeisce/>eM>er 
/xcp/b lrv/cw -h tt -■» te -n So -p Sp J 




3. Scroll down to the Add a New Command Processor section. 

4. In the Add a New Command Processor section, from the Add a new drop-down 
list, select S2S Command Processor and click Go. 


Add a'fifeW'ConihfancfVrW 6 'ss 6 f '-- --- 

Add new Items by selecting from the drop-down and clicking 'GO'. 

Add a new 

Name | Actions 

□ Component Logging (Hog) 

Logger 

Filtered File Logger 

ir ,t *iirr IntiV 1 **— i nr ~ i ■ . ■ * n 1 1 i - - n - 


JSM Command Processot 
"JSM Command Processor 


S2S Command Proc 


Web Command Processor 
SMTP Command Processor 







The system displays the S2S Command Processor Configuration page. 
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5. In the Director Configuration section, change the default settings for an outgoing 
server director. Perform the following steps to change the default settings: 

a. Click Details next to XMPP Outgoing Server Director. 

The system displays the XMPP Outgoing Server Director Configuration page. 

b. In the Timeout for idle connections (in seconds) field, change the value from 
600 to 0 . 

c. To save the changes, click Submit. 

6. On the S2S Command Processor Configuration page, change the default 
configuration for S2S Command Processor. Perform the following steps to change 
the default configuration: 


S2S Command Processor Configuration 


S2S Command Processor 

ID 

Description 

Director Configuration 

Add new Items by selecting from the drop down jnd clicking 'GO'. 

Add a new 


cm* l_s2scp* 1 presence 
S2S Command Processor 


XMPP Incoming Sener Drectot v [Go] 


Name 

Actions 

Description 

Remove 

cm-l_s 2 »cp-l_*mpp»«vW-l prtsanc* 


XMPP <XAjc*ng S#r*f D«*Ctor 


cm-1_s^scp-l_«mppsmd-1 prsssnc* 


AlIPP MC&TWIQ Spr.prf C'r*c*:< 

< 


S2SCP Configuration 

You molt iHo corAgure an Open Port for this co 

Router Connection Information 

Connection type 
Component IP 
Port 

Password 
Confrm Password 


connect v 

ue 147 tro 12$ 

7400 


Oiatoack secret 






a. In the Authorized Outgoing 'From' Addresses section, in the Default 
behavior field, click deny. 

b. In the Host Filters field, enter the local Presence Services domain name. 

O Note: 

The value for the Presence Services domain name must match Router 
Service Name. 

c. To save the changes, click Submit. 

7. Scroll down to the Outgoing Connection Attempt Rules section. 
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Outgoing Connection Attempt Rules 

Jl rules (including initial defaults) must have thee Oeector IDs match one of the drectors above. 
Add new items by clicking 'GO'. 

Add a new Rule (Go) 


Id 

Actions 

Description 

Remove 

i 

Detail 

cm-2_$2»Cp- 1_impp$ouM-1 

Remove < 

2 

Detail 

cm-2_$2*cp-1 _imppsouM* 1 

Remove ‘ 

3 

Detail 

cm-2_s2scp-1 _ * mppsouM-1 

RtmM 1 


In the Add a new Rule table, by default, the system displays three rows explaining 
the three rules. However, only one rule is required. 

8. Leave rule 1 as is, rule 1 specifies a DNS SRV lookup on _xmpp-server.tcp. 

Q Note: 

Remove the other two rules, having multiple rules adds complexity in collecting 
logs when a system fails. 

9. To remove the rule in the second row, click Remove. Repeat the same steps to 
remove the rule in the third row. 

10. To save the changes, click Submit. 

The system displays the Connection Manager Configuration page. 


S2S Command Processor Parameter Reference 
S2S Command Processor basic parameters 
Description 

The description displays in the list of command processors on the Connection Manager 
Configuration page. 

Director Configuration 

The directors are described as follows: 

XMPP Incoming Server Director handles incoming packets that are being sent to the XCP 
router from remote servers. 

XMPP Outgoing Server Director handles outgoing packets that are being sent from the XCP 
router to remote servers. 

Component IP 

If you are using the default connection type of connect, shown in the Advanced configuration 
view, enter the IP address or the FQDN of the server where the Connection Manager is 
installed. The CMs IP address is provided by default. 

If you change to an accept connection type, enter the IP address or the FQDN on which the 
XCP router listens for the command processor. 
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Port 

If you are using the default connection type of connect, shown in the Advanced configuration 
view, enter the port that this command processor uses for communication. By default, the port 
is set to the Master Accept Port that is specified during XCP server installation. 

If you change to an accept connection type, enter the port on which the XCP router listens for 
the command processors connection. The router allows only a single connection over this port 
at a time. Therefore, multiple versions of the command processor cannot connect to the same 
port. 


Password 

The password that the XCP server uses to authenticate the command processor. 

Outgoing Connection Attempt Rules 

Outgoing Connection Attempt Rules Three rules are supplied by default. They specify the order 
and DNS lookup properties for each outbound director. By default, these three rules are 
configured with the ID of the XMPP Outgoing Server Director. However, if you add another 
director, you must edit the rules or add additional ones, and specify the ID of the director to 
which the rules apply. 

S2S Command Processor intermediate parameters 
Dialback Secret 

The password used to prove the authenticity of another server. All S2S control processors for 
a single XCP system must have the same dialback secret. 

The XCP server uses dialback to verify that a connection between two servers is trusted. One 
XCP server uses DNS to verify that a connecting XCP server is authorized to represent a given 
network. Dialback prevents the connecting server from spoofing a particular server name and 
sending false data. Although the dialback protocol resembles reverse DNS or IP lookups, it is 
more complex, since it must accommodate server farms and complex environments. 

For example, when server A attempts to connect to server B, it sends an XML stream to see 
if server B supports the dialback protocol. Server B returns a stream indicating that it does. 
Server A then sends a dialback key to server B. Server B now dials back and initiates a separate 
connection to server A using a DNS/host name lookup to connect to the correct server. Server 
B returns the dialback key over the second connection. If server A can confirm the key, the 
dialback is successful. 

For a complete description of dialback, see the Internet Engineering Task Force (IETF) 
documentation of the protocol: http://www.ietf.orq/ids.bv.wq/ xmpp.html . 

Authorized Outgoing From Addresses 

Outgoing from addresses are hosts or IP addresses within your organization from which 
outgoing packets may be sent. Outgoing from addresses are normally paired with incoming to 
addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
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outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 
Authorized Outgoing To Addresses 

Outgoing to addresses are hosts or IP addresses to which people or entities in your 
organization may send outgoing packets. Outgoing to addresses are normally paired with 
incoming from addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 
Authorized Incoming From Addresses 

Incoming from addresses are hosts or IP addresses from which people or entities in your 
organization may receive incoming packets. Incoming from addresses are normally paired with 
outgoing to addresses. 

Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 
Authorized Incoming To Addresses 

Incoming to addresses are hosts or IP addresses in your organization that cannot receive 
incoming packets. Incoming to addresses are usually paired with outgoing from addresses. 
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Default behavior 

Default behavior of your system for handling outgoing from addresses: either allow or deny . 
The hosts and IP addresses listed below are exceptions to the default behavior. For example, 
if you set the default behavior to allow, the specified hosts and IPs are not allowed to send 
outgoing packets. If you set the default behavior to deny, the specified hosts and IPs are 
allowed to send outgoing packets. 

Host Filters 

The host names for which you want to apply the opposite of the default behavior. 

IP Addresses 

The IP addresses for which you want to apply the opposite of the default behavior. 

Number of outgoing connection attempts 

The number of times to try making an outbound connection. 

Seconds to wait between connection attempts 

The number of seconds to wait between connection attempts. 

IP Addresses to Prevent Loopback Connections 

The address of any S2S Command Processor that listens for incoming packets. 

Administrators JIDs 

Enter the JIDs of those you want to enable to query the S2S Command Processor. 

The S2SCP can be queried from a client that supports the Service Discovery protocol 
described in XEP-0030. 

Queries must be sent to the S2SCPs ID.realm; for example, cm-2_s2scp-i .denver. 

Users who can discover/view s2s connections 

The users who can query the S2S Command Processor for a list of connected hosts. 

S2S Command Processor advanced parameters 
Connection Type 

With a connect connection type (the default setting), the router connects to the component. 

With an accept connection type, the router opens a specific port and listens on that port for a 
connection from the component. 

For the Open Port, you must configure a connection type that is opposite the type configured 
for the S2SCP. Therefore, if you use the accept connection type for the S2SCP, you must 
configure the Router Outbound Connection Information parameters for the Open Port. 

Timeout for failed outgoing cache (seconds) 

The number of seconds after which the cache table is cleared. This table must be cleared 
periodically to prevent DOS attacks and to prevent a temporarily unresolvable host name from 
becoming permanently unresolvable. The default setting is 1800 seconds. 

OpenPort Component 

Checklist for adding a new OpenPort Component 

Ensure that you know the values for the following parameters: 
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Component 

Description 

Notes 

XMPP server domain name 

The SIP domain that the XMPP 

servers use. 

This is a mandatory 
parameter. 

Presence Services IP Address 

The IP address of the Presence 

server. 

Use default. 

Presence Services FQDN 

The Fully Qualified Domain 

Name (FQDN) of the Presence 
server. 

Use default. 


Adding and configuring an OpenPort component 

Procedure 

1. Log in to the Presence Services XCP Controller Web console. 

2. Under Components, from Add a new drop-down list, select OpenPort, and then 
click Go. 

The system displays the Explorer User Prompt dialog box. 

3. In the Explorer User Prompt dialog box, in the Enter ID of open-port 
component field, enter the component name. The component name must match 
the name that you assign to S2S Command Processor. For example, if the 
component name for S2S Command Processor is cm-2_S2Scp-1 .presence, then 
the component name for Openport must be cm-2_S2Scp-1. 

The system displays the OpenPort Configuration page. 

4. Ensure that the configuration view is set to Advanced. 

5. Scroll down to the Hostnames for this Component section. In the Host(s) field, enter 
the Openfire domain name. 

Openfire domain name is the domain that Presence Services use to connect to the 
Openfire server. Ensure that Presence Services is able to resolve the Openfire 
domain. 

6. To save the changes, click Submit. 

7. On the XCP Controller Home page, click Restart the system. 


XMPP Collector 

XMPP Collector configuration worksheet 

The following table outlines a set of parameters that you must know before configuring an 
XMPP collector: 


Configuration 

parameter 

Name 

Parameter value 

Default value displayed on 
the configuration screen 

✓ 

ID 
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Configuration 

parameter 

Name 

Parameter value 

Default value displayed on 
the configuration screen 

✓ 

Domain 




Address 




Port 


5222 


Federated User 




Federated User 
Password 




Confirm Password 





Adding XMPP Collector 

About this task 

If you did not add XMPP Collector during the installation process of Presence Services, do the 
following: 

Procedure 

1. Log in to the Presence Services XCP Controller Web console. 

2. Under Components, from the Add a new drop-down list, select XMPP Collector, 
and then click Go. 

The system displays the XMPP Collector Configuration page. 


XCP Controller - presence 


[Home] [Logoff] 
Help 


XMPP Collector Configuration 


XMPP Collector 

ID 

Description 

Runlevel 

Timeout for shutdown 

0 Component Properties 

Number of packets buffered when component is down 


xmpp-l.presence 
XMPP Collector 
80 
30 


512 

Bounce error packets to stderr Yes v - 

□ Router Outbound Connection Information (i.e., Router connects to component) 


Component IP 
Port 


........ : 
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3. Ensure that the configuration view is set to Advanced. 

4. Scroll down to the XMPP Collector Servers section. 

XMPP Collector Servers 

Xmpp Collector Configuration 
Add new items by clicking 'GO'. 

Add a new Server (Go) ' 

Id | Actions | Description 

5. To add a new XMPP server, click Go. 

The system displays the Server Configuration page. 

6. Enter the following information: 

a. ID: unique ID for Openfire. 

b. Domain: Hostname of the Openfire server. 

c. Address: IP address of the Openfire server. 

d. Port: Openfire client port. 

e. Federated User: Name of the federated user on the Openfire server with 
administrator privilege access. 

f. Federated User Password: Password of the federated user. 

g. Confirm Password: Re-enter the password. 

7. To save the changes, click Submit. 

8. On the XCP Controller Home page, click Restart the system. 



Openfire XMPP server configuration 

Openfire is an instant messaging and a group chat third-party server that uses an XMPP 
protocol for IM and presence capability. 

Related topics: 

Installing the Openfire XMPP server on page 175 
Configuring the Openfire XMPP server on page 176 
Adding a user on an Openfire server on page 177 
Verifying a successful client session on page 178 
Verifying a successful server session on page 179 

Installing the Openfire XMPP server 

For information on how to install and access an Openfire server, see http:// 
www.igniterealtime.org 
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Configuring the Openfire XMPP server 

By default, Openfire server enables the Server-to-Server Connection Manager component, 
which is required for the basic federation between a Presence server and an XMPP server. 

About this task 

To ensure that the basic federation is set, do the following: 

Procedure 

1. Log in to the Openfire Admin Web console. 

2. Click Server > Server Manager > System Properties. 

3. Under System Properties, check the property value for XMPP domain. 



Ensure that the XMPP domain is resolvable from the Presence server. 

4. Click Server > Server to Server. 

The system displays the Server to Server Settings page. 

5. Under Service Enabled, select the Enabled - Remote servers can exchange 
packets with this server port check box, and then enter 52 69 . 

6. Under Idle Connections Settings, select the Close connections after they have 

been idle for_minutes check box. Accept the default value. 

7. Under Allowed to Connect, select the Anyone - Any remote server is allowed to 
connect to this server. Use the table below to override the default settings 

check box. 
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Adding a user on an Open fire server 
Procedure 

1. Log in to the Openfire Web console. 

2. Click Users/Groups. On the Users tab, click User Summary. 

3. To create a user with administrator privileges, click Create New User. 
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Verifying a successful client session 
Procedure 

1. Log in to the Openfire Web console. 

2. Click Sessions. On the Active Sessions tab, click Client Sessions. 

The system displays the Client Sessions page. 

If the Presence Services configuration is successful, the Openfire admin user will 
have a successful establishment of a client session. 
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Verifying a successful server session 
Procedure 

1. Log in to the Openfire Web console. 

2. Click Sessions. On the Active Sessions tab, click Server Sessions. 

The system displays the Server Sessions page. 

The system establishes a server session only when Presence Services and 
Openfire successfully exchanges IM and presence information. 

0 Note: 

There is no server session if the connection is in an idle state. 


DNS Administration 

When a Presence Services user attempts to interact with a user in the OpenFire domain, the 
S2S component in Presence Services uses DNS SRV lookup to determine the Openfire server 
hosts. 

Similarly, when you configure an Openfire server to connect to Presence Services, you must 
supply the Presence Services domain. When the Openfire server performs a DNS SRV lookup 
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on “_xmpp-server._tcp .<PS domain>", the DNS server that Openfire server use must contain 
a DNS SRV entry for Presence Services. An SRV entry for “_xmpp-server._tcp” contains a 
server name and a port. The port that you supply when you create an SRV entry on Presence 
Services should match with the corresponding configured XMPP server, in this case, an 
Openfire server. The default port value that Presence Services use is 5269, however, you can 
change the port value but you must ensure that you enter the changed port value on Presence 
Services server and Openfire server. 

Related topics: 

Confirming the Presence Services port value on page 180 
Adding a DNS SRV record on page 180 
Verifying the DNS setup on page 181 

Confirming the Presence Services port value 
Procedure 


1. Open the Connection Manager component that you created for Openfire. 

2. Under Director Configuration, click Details for XMPP Incoming Server Director. 
The system displays the XMPP Incoming Server Director Configuration page. 


3. Under the Define the Listening Connection for the TCP Socket section, confirm the 
Port value. 


XMPP Incoming Server Director Configuration 


XMPP Incoming Server Director 
io 

Define the Listening Connection for the TCP Socket 
IP address of external channel 

Port 

□ SSL Settings 
SSL mode 

Full path to SSL key file 
Full path to SSL cert file 
Full path to root CA cert file 
Require valid cfcent side certificates 
Full path to Certificate Revocation List file 
Venfy depth 
Enable weak ciphers 


cm- l_s2*cp- l_xmppsmd-1.presence 

148 147 170 125 - 

5269 




Adding a DNS SRV record 
About this task 

On the DNS for the Openfire domain, which is the DNS server that Openfire server uses, the 
FODN of the Presence Services specified in the network address must be resolvable. You 
must also add a DNS SRV record for the Presence server (Openfire server). 
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You must create the DNS records that meet the following criteria: 

Procedure 

1. When Presence Services contacts the Openfire server, Presence Services provides 
a certificate that contains the Presence Services FQDN. Ensure that this FQDN is 
resolvable in the DNS of the Openfire server. 

2. The Openfire server performs a DNS lookup on the Presence Services FQDN. The 
Openfire server rejects the TLS connection request with Presence Services if the 
DNS server does not return the same FQDN as in the certificate. 

€ Note: 

If the firewall on the Openfire server is on, update the firewall so that the Presence 
server can gain access to port 5269 on the Openfire server. 


Verifying the DNS setup 
Procedure 

1. On the Openfire server, do the following: 

a. At the command prompt, type nslookup -querytype=SRV _xmpp- 
server. tcp .<PS domain>. 

The system displays the Presence Services hostname. 

Ensure that the Presence Services hostname is correct and DNS is 
resolvable. 

b. At the command prompt, type nslookup -querytype=A <PS hostname>. 

Where <PS hostname> is the value of the Presence Services hostname that 
you received in the previous step. 

The system displays the IP address of the Presence server. 

Ensure that the IP address of the Presence server is correct. 

2. On the Presence server, do the following: 

a. At the command prompt, type nslookup -querytype=SRV _xmpp- 
server. tcp .<Openfire domain>. 

The system displays the Openfire hostname. 

Ensure that Openfire hostname is correct and DNS is resolvable. 

b. At the command prompt, type nslookup -querytype=A <Openfire 
hostname>. Where <Openfire hostname> is the value of the Openfire domain 
that you received in the previous step. Ensure that the IP address of the 
Presence server is correct. 

0 Note: 

Once you resolve the IP address, test the connection by pinging from a Presence 
Services machine, to an Openfire machine. You can also use telnet <ip> 5269 
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to make sure the two machines are connected. Ensure that there is no firewall 
that might block the traffic between the two servers. 


Troubleshooting 

Enabling optional logging from the XCP Controller Web console 
Procedure 

1. Log in to the Presence Services XCP Controller Web console and switch to the 
Advanced/Intermediate configuration view. 

2. On the Connection Manager Configuration page, under the Connection Manager 
Configuration section, click the Component Logging (Jlog) check box. 

3. Click Logger and then click Filtered Syslog Logger. 

0 Component Logging (Jlog) 

0 Logger 

0 Filtered File Logger 
Pipe Level Filter 

Level 
Pipe file 

File Settings 

Name and location 
Memory buffer size (in bytes) 

Size of file (in megabytes) after which the log rotates 
Number of hours after which the log rotates 
Number of log files to keep after the log rotates 

Formatter 

Formatter 

0 Filtered Syslog Logger 
Pipe Level Filter 




4. Under Pipe Level Filter, from the Level drop-down list, select DEBUG. 

5. In the Pipe file field, type /opt/Avaya/Presence/ j abber/xcp/var/log/of- 
cm.pipe. 

6. Under Syslog Settings, from the Facility drop-down list, select LOG_DAEMON. 
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7. In the Identity field, type of_cm. 


0 Filtered Syslog Logger 

Pipe Level Filter 




Level 

DEBUG 



Pipe file 

/ o pt/Avay a/ P re s e n c e/j a b bi : 

Syslog Settings 




Facility 

LOG DAEMON v 


Identity 

OF CM 

Formatter 




Formatter 

%d [%l] %s: %m 

lw»<wr. , H , | n 4*.** -***^ -»• . .. 


' 


8. To save the changes, click Submit. 

© Note: 

You can recognize the XMPP Collector records by the logging tag OF_CM in 
each of the associated log output entries from the XMPP Collector. The system 
sends the debug level logging messages from the XMPP Collector to /var/log/ 
presence/ps . log and extracts these messages to assist in diagnosing any 
problems that you might encounter. 


Enabling optional logging using CLI 
Procedure 

1. Log in to the Presence server. 

2. Once logged in, type the following command to log in as the root user, su root. 

3. Check the current log level, type /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel.sh OF CM -c. 

4. To increase the logging level, type the following command until you reach the 
DEBUG level, /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel.sh OF CM -i. 

The default logging level is WARNING. 

5. Check the filtering level of the rsyslog logger in the /etc/rsysiog. conf file. 

6. Restart the logging service, type Service rsyslog restart to restart service 
logging. 
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O Note: 

Service rsyslog sends the XMPP Collector logging to the /var/iog/messages 
file. You can recognize the XMPP Collector records by the logging tag OF_CM 
in each of the associated log output entries from the XMPP Collector. The system 
sends the debug level logging messages from the XMPP Collector to /var/log/ 
presence/ps . log and extracts these messages to assist in diagnosing any 
problems that you might encounter. 


Discovery protocol for querying the S2S Command Processor 

The XMPP protocol examples, based on XEP-30, of how to discover the inbound and outbound 
S2S connections are as follows. For more information, see XEP-0030. 

Related topics: 

S2SCP query for information on page 184 
Outbound and inbound lists query on page 185 
S2SCP query for all items on page 185 


S2SCP query for information 

Example 

The following XMPP query asks for information about the S2SCP whose ID is 

cm-2_s2scp-l.jabber: 

<iq id='disco-info-10' to='cm-2_s2scp-l.jabber' type='get'> 

<query xmlns='http://jabber,org/protocol/disco#info'/> 

</iq> 

The following response from the server identifies the S2SCP as a component of type s2s. 

<iq xmlns='jabber:client' 
from='cm-2_s2scp-l.j abber' 
id='disco-info-10' 

to='asmith@example.com/Example Messenger Desktop Corp' 
type='result' 
xml:lang='en' 

> 

<query xmlns='http://j abber.org/protocol/disco#info'> 
component/> 

<query> 

</iq> 
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Outbound and inbound lists query 


Example 

<iq id='disco-info-10' 
to='cm-2_s2scp-l.j abber' 
type='get' 

> 

<query xmlns='http://jabber.org/protocol/disco#items' 
node='-outbound' 

/> 

</iq> 

<iq id='disco-info-10' 
to='cm-2_s2scp-l.j abber' 
type='get' 

> 

<query xmlns='http://jabber.org/protocol/disco#items' 
node='-inbound' 

/> 

</iq 


S2SCP query for all items 

Example 

The following XMPP query asks for a list of all items associated with the S2SCP: 

<iq id='disco-info-10' 
to='cm-2_s2scp-l.jabber' 
type='get' 

> 

<query xmlns='http://jabber.org/protocol/disco#items'/> 

</iq> 

The following response received from the server lists the items, which include an inbound node 
and an outbound node: 

<iq xmlns='jabber:client' 
from='cm-2_s2scp-l.j abber' 
id='disco-info-10' 

to='ardiederich@example.com/Sample Messenger Desktop' 
type='result' 
xml:lang='en' 

> 

<query xmlns='http://j abber.org/protocol/disco#items'> 

<item jid='cm-2_s2scp-1.jabber' 
name='Inbound Connections' 
node='-inbound' 

/> 

<item jid='cm-2_s2scp-1.jabber' 
name='Outbound Connections' 
node='-outbound' 

/> 

</query> 

</iq> 
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Configuring Authorization ACLs on System Manager 

About this task 

Presence Services supports the Allow, Block, and Confirm options. You can set the ACL 
options using System Manager Web Console. 

Using this task you can define the policy for accessing user presence information. 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management. 

3. On the User Management page, click System Presence ACLs on the left 
navigation pane. 

4. Set the default policy. By default, System Manager sets the default policy to 
Allow. To implement watcher authorization, set the default policy to Confirm. 

a. In the Presence ACL section, click the Default Policy tab. 

b. On the Default Policy tab, select the All check box and then click Edit. 

c. From the Action drop-down box, select Confirm. 

d. To save the changes, click Save. 
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O Note: 

Currently, Presence Services supports only Default Policy. 


Adding other presentities to the resource list of a user 

About this task 

You can add presentities using the Avaya SIP devices like Avaya one-X® Communicator. 
However, you can also add them in System Manager, if required. 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click User Management. 

3. On the User Management page, click Manage Users on the left navigation pane. 

4. On the Users page, select the relevant user and then click Edit. 

5. On the User Profile Edit page, click the Contacts tab, and then click Add under 

Associated Contacts. 

6. On the Attach Contacts page, select the presentity to add and click Select. 

7. On the User Profile Edit page, again select the presentity, and then click Edit. 
The system displays the Edit Contact List Member page. 

8. Select the Presence Buddy check box and then click Add. 

The system displays the User Profile Edit page. 

9. To save the changes, click Commit. 

For more information, see the System Manager documentation. 


Multiuser chat 

Presence Services supports all the variants of Avaya one-X® Communicator for extended 
stanza addressing, such as XEP-0033. You can send a message to multiple contacts, which 
enables you to have multiple chat sessions at the same time. 

This feature is available by default. However, if you are unable to initiate multiple chats at the 
same time, you must enable the feature. 
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O Note: 

End-points must maintain a list of participants and perpetuate the thread ID when they 
respond to a XMPP <message>with an XEP-033 <address> element. 

Related topics: 

Enabling multiuser chat on page 188 
Stanza optimizer parameters on page 188 


Enabling multiuser chat 

Procedure 

1 . Log in to the XCP Controller Web interface and change to the Advanced 
configuration view. 

2. On the Home page, under Components, from the Add a new drop-down list box, 
select Stanza Optimizer and then click Go. The system displays the Stanza 
Optimizer Configuration page. 

3. To enable stanza optimizer, enter the stanza optimizer parameters and then click 

Submit. 


Stanza optimizer parameters 


Parameter 

Description 

Description 

The description is displayed in the 
Components area on the controller’s main 
page and should help you distinguish 
between components of the same type when 
you have more than one configured. You can 
change the description as needed. 

Runlevei 

Enter the order in which this component 
shuts down. The runlevei must be an integer 
value greater than or equal to zero. 
Component shutdown is executed in reverse 
order of the specified runlevei; components 
with the highest level (typically 70) shut down 
first. 

Do not change the runlevei unless you know 
exactly what you are doing and understand 
the effects that changing it will have. The 
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Parameter 

Description 


default runlevel is provided to help the 
system shut down as smoothly as possible, 
and is based on this component’s 
dependencies upon other components. 

Timeout for shutdown 

Enter the number of seconds that the server 
waits to receive acknowledgement from the 
component that the shutdown process has 
completed. If the component has not shut 
down by the time this time period has 
elapsed, the router leaves the process in its 
current state and continues shutting down 
other processes. 

Component Properties 


Number of packets buffered when 
component is down 

Enter the number of packets bound for the 
component that should be buffered if the 
component goes down. 

Bounce error packets to stderr 

Select Yes if you want the router to send 
warnings to stderr when the component is 
down. 

Router Outbound Connection 

Information 

Select this option only if you want the XCP 
router to connect to the component. For 
example, if the component is running outside 
your firewall, this option allows the router to 
connect to the component safely rather than 
introducing security risks by letting the 
component connect to it. By default, 
components connect to the router using the 
router’s Master Accept Port. 

Component IP 

Enter the IP address or host name of the 
system on which the component is 
installed. 

Port 

Enter the port that the component uses for 
communications. 

Password 

Enter the password that the router uses to 
authenticate the component. 

Buffer size in bytes for outgoing data 

Enter the number of bytes the router should 
buffer when it sends information to the 
component. You may want to modify this 
element when working on performance 
enhancements. 

Buffer size in bytes for incoming data 

Enter the number of bytes the router should 
buffer when it receives information from the 
component. You may want to modify this 
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Parameter 

Description 


element when working on performance 
enhancements. 

Send keepalives 

Select Yes if you want the router to send 
keep-alives to the component. The keep¬ 
alive helps prevent firewalls from dropping 
an unused connection to the component. If 
this option is set to No, keep-alives are 
disabled. 

Log the delivery of packets to this 
component 

Select Yes if you want to log the data that the 
router delivers to the component. The 
information is logged to the logger(s) you set 
up during Jabberd Logger configuration 
(syslog, file, or stderr). Socket-level logging 
happens only at the debug level. 

Execute an External Command 

This option allows the router to start the 
component automatically. If you prefer to 
start the component from a command line, 
disable this option. 

Maximum interval in seconds to wait 
before restarting component 

Enter the maximum number of seconds after 
which the router tries to restart the 
component. If the component goes down, the 
router tries to restart it after one second. If 
the component does not start, the router 
multiplies the wait time by 1.5, and tries 
again. Once the maximum time interval that 
you specify for this parameter is reached, the 
router continues to retry after waiting this 
amount of time. 

Maximum number of times to restart 
component 

Enter the total number of restarts allowed. 
The default setting, -1, means unlimited. 

Interval in seconds at which to reset this 
value to 1 second 

Enter the number of seconds that the 
component has been up and running, after 
which to set the restart time back to one 
second. 

Path to binary 

Enter the directory path to the shell that 
launches the component. You can change 
the default setting if needed. 

Command line to run 

A command that runs the component 
automatically is provided by default. You can 
modify it if needed. 

O Note: 

Do not use the -B argument with this 
component. Since jabberd is already a 
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Parameter 

Description 


daemon process, its children must not be 
daemons. 

You should not redirect output, because ali 
output to STDOUT and STDERR will be 
redirected to /dev/null. 

Hostnames for this Component 

This option specifies the hosts for which this 
component will handle packets. Specify a 
host filter only if you want the component to 
be externally addressable; for example, if 
you want clients and other components or 
programs to communicate with it. This is 
because the mod_disco module in JSM uses 
host filters to return the component as 
something that should be discoverable. 

Host Filters 

By default, the XCP server’s host name 
prepended by stanza-optimizer is provided. 
Enter the host names or IP addresses for 
which you want this component to handle 
packets. Separate each host name or 
address with a line break. 

Host filters must be host names, or IPv4 or 
IPv6 addresses. If you use an IP address, the 
packet address must also use this IP 
address. 

Stanza Optimizer Configuration 


Number of threads to dedicate to stanza 
optimizer tasks 

Enter the number of threads that you want to 
have processing tasks in the component. 
Increasing this value enables the component 
to handle more tasks at a time. However, it 
spends more time scheduling the tasks as 
this number increases. 

We recommend that you set this number to 
one more than the number of processors on 
your system. 

Timeout (in seconds) for XEP-033 disco 
attempts 

Enter the number of seconds to wait for the 
server to determine if non-local domains can 
handle stanza optimization. If a non-local 
domain cannot handle stanza optimization, 
one packet is sent per recipient. 

Disco Cache Timeout (in minutes) 

Enter the number of minutes that a discovery 
answer (positive or negative) should exist. 
The maximum number of minutes that you 
can specify is 1440 (24 hours). 
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Parameter 

Description 

Multiple optimizer address threshold 

This parameter is to be used mainly for fine 
tuning your system. In most cases, the 
default value should be sufficient. 

The threshold refers to the number of 
recipients who are located in a remote 
domain. The value is the maximum number 
of recipients required for extended stanza 
addressing to take effect. 

List of local domains 

Enter the list of local domains. The Stanza 
Optimizer dynamically determines which 
domains are local, but you can enter them 
here to short circuit this discovery process. 
The Stanza Optimizer does not send 
optimized packets to local domains. 

Component Logging (Jlog) 

Select the Component Logging (Jlog) 

option only if you want to configure filtered 
level loggers that log messages to syslog 
and to a stream (stderr or stdout). You can 
enable either or both the syslog and stream 
loggers. These parameters are displayed in 
the controller’s Intermediate and Advanced 
configuration views. 

Add a new custom logger 

If you have created a custom logger for 
logging component information using the 
libjcore library, click Go to access the 

Custom Logger Configuration page. 

SNMP Configuration 

Select this option if you want to configure 
SNMP for the component. 

Enable SNMP 

Leave this parameter set to Yes. 

Count errors 

Select Yes only if you want to enable SNMP 
error counting. This option takes a great deal 
of server resource, so use it with caution. 
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Chapter 5: Administering alarms and logs 


Alarms and logs 

With the help of alarm notifications and log files, you can monitor the condition of the system 
and troubleshoot errors in a number of ways. Presence Services generates a series of log files 
which contain information, such as warning and error messages that the system generates. 
Presence Services also generates a number of alarms to notify you of connection difficulties 
and licensing issues. 

Presence Services integrates with Avaya Secure Access Layer (SAL) to send log files and 
alarm notifications to Avaya Aura® System Manager. Moreover, a local log harvester 
component on Presence Services can convert third-party logs, such as syslog, to Avaya 
Common Logging Format (CLF) and integrate these external logs with SAL for forwarding to 
System Manager. 

Using Presence Services you can forward Simple Network Management Protocol (SNMP) 
traps to multiple Network Management System (NMS) and Avaya Development Centre 
(ADC). 

For more information, see the Simple Network Management Protocol traps to multiple Network 
Management System configuration section under the chapter Maintenance Operations. 

Related topics: 

Viewing logs on System Manager on page 193 
Types of logs on page 194 
Configuring dynamic logging on page 195 
Alarms on page 196 


Viewing logs on System Manager 

About this task 
O Note: 

Presence Services integrates with SAL to send log files to System Manager. 
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Procedure 

1. Log in to System Manager Web Console by entering the System Manager virtual 
machine IP address in a Web browser, as follows: https : //<System Manager 
IP address>/SMGR 

2. On System Manager Dashboard, click Services > Events > Logs > Log Viewer. 
You can view the logs and export them to another application as a comma separated 
values (.csv) file. For more information on logs, see Troubleshooting Avaya 
Aura® Presence Services on the Avaya support website. 


Types of logs 

Presence Services produces the following types of logs: 

• Statistics log: Presence Services produces a statistics log, which is updated every minute. 
View the $ jabber HOME/var/log/presence stats . log file on the Presence 
server to see the statistic logs. You can edit the thresholds of the log using the Presence 
Services Web GUI. The Presence Services Web GUI is often known as the XCP 
Controller or the Web Controller. Use the Statistics feature on Web Controller to edit the 
statistics log. 

• System resources log: Presence Services also produces a system resources log, which 
is updated every hour. View the /var/log/presence/memory. log file on the 
Presence server to see the system resources logs. By default, the log rotates after it 
reaches 5MB and overwrites previous logs after 30 rotations. 

• Audit log: Presence Services also produces an audit log of all configuration changes that 
you make using the Presence Services Web GUI. You can view this log by navigating 

to /var/log/presence/presence core. log on the Presence server. 

O Note: 

To log in to the command line interface (CLI) on the Presence server or to view and edit a 
file on the Presence server, you must use a terminal emulator application such as PuTTY. 
You must log in to the Presence server as a craft user and then use the su command to 
obtain root access. 
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Configuring dynamic logging 

About this task 

With regards to the dynamic logs, there are a number of log levels, each of which provides 
more detail than the previous level: 

• Error 

• Warn 

• Info 

• Verbose 

• Debug 

You can configure the log level of each component. For example, you can configure the 
Connection Manager to produce error logs and configure the SIP Presence server to produce 
debug logs. 

To log in to the command line interface (CLI) on the Presence server or to view and edit a file 
on the Presence server, you must use a terminal emulator application such as PuTTY. You 
must log in to the Presence server as a craft user and then use the su command to obtain root 
access. 

For example, to increase the logging level of the Connection Manager component, enter the 
following command: 

A Warning: 

You must perform these steps under the supervision of an Avaya Support personnel. 

Procedure 

1. Enter the command, /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel.sh cm-1 -I 

The CLI increases the log level and displays the new log level, for example: 
cm-1 is now logging at level (INFO) 

2. You can repeatedly enter the command to increase the levels:/opt/Avaya/ 

Presence/jabber/xcp/bin/updateLogLevel.sh cm-1 -i cm-1 is now 
logging at level (VERBOSE). /opt/Avaya/Presence/jabber/xcp/bin/ 
updateLogLevel. sh cm-1 -i cm-1 is now logging at level (DEBUG). 

3. To decrease the logging level of the Connection Manager component, enter:/opt/ 

Avaya/Presence/jabber/xcp/bin/updateLogLevel.sh cm-1 -d 

The CLI decreases the log level and displays the new log level, for example: 

cm-1 is now logging at level (VERBOSE) 

4. You can repeatedly enter the command to decrease the levels: 
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/opt/Avaya/Presence/jabber/xcp/bin/updateLogLevel.sh cm-1 -d: 

cm-1 is now logging at level (INFO). 

/opt/Avaya/Presence/jabber/xcp/bin/updateLogLevel.sh cm-1 -d: 

cm-1 is now logging at level (WARN). 

5. To check the logging level of any component, enter: /opt/Avaya/Presence/ 
jabber/xcp/bin/updateLogLevel.sh Ccomponent Name> -c 

© Note: 

The system resets dynamic logging if you restart the Presence server. 


Alarms 


Presence Services integrates with the Avaya Secure Access Layer (SAL) to send alarm 
notifications to Avaya Aura® System Manager. Logs of the type FATAL become alarms. 

For more information on alarms, see the Avaya Aura® Troubleshooting guide. 


Logging configuration 


Overview 

A Warning: 

You must configure logging levels under the supervision of an Avaya Support personnel. 

You can configure logging for specific components using the Presence Services log4j.xml 
configuration file (/opt/Avaya/Presence/presence/lib/path/log4j .xml) . 

Log4j.xml defines two types of appenders, SPIRIT_FILE and LOCAL_FILE. 

The SPIRIT_FILE (/var/log/presence/presence-container-1 .presence.log) is 

for the exclusive use of the SAL Agent. So it conforms to the Avaya Common Logging Format 
(CLF) and is limited to INFO logging and above. 

The LOCAL_FILE (/var/log/presence/presence- 

container-1. presence_local. log) on the other hand is for Presence Services 
administrative users. It is easily readable and contains log messages at all levels. 
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All Operational Logging from Presence components use loggers with the events.operational 
prefix. 

<logger 

name="events.operational.com.avaya.presence.server.Licensing"> 

<level 

value="WARN#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

In the example above: 

• events.operational indicates that this is Operational Logging. 

“com.avaya.presence.server” indicates the Presence Product. 

• Licensing indicates the name of the component. 

• WARN indicates the level of logging you require for this component. 

The rest of the loggers (including the “root” logger) are for debugging only. Contact the support 
engineers for debugging. 

You could effectively disable debug logging. The section below shows you how to allow logging 
of only FATAL debug messages. 

<! - - Debug logging - goes to LOCAL_FILE - -> 

<root> 

<level 

value="FATAL#com.avaya.common.logging.client.LogLevel"/> 

<appender-ref ref="LOCAL_FILE"/> 

</root> 


O Note: 

The logging levels are: FATAL, ERROR, WARN, INFO, FINE, FINER, FINEST. 


Changing default logging level 

Procedure 

1. Log in to the Presence server. 

2. Edit the file at / opt /Avaya /Presence/presence /lib/path/ log4 j . xml. 

3. Enable the relevant section and change the level as required. 

<logger name="events.operational"> 

<level 

value="WARN#com.avaya.common.logging.client.LogLevel"/ 

> 

</logger> 
to, for example, 

<logger name="events.operational"> 

<level 

value="INFO#com.avaya.common.logging.client.LogLevel"/ 

> 

</logger> 

4. Restart the Presence server. 


Administering Avaya Aura® Presence Services 


October 2013 197 



Administering alarms and logs 


O Note: 

The lower the level you set, the more log records are generated. So you may not 
want to set a lower level for a long period of time to avoid having to navigate 
through unwieldy and long log files. Set a lower log level for individual 
components as opposed to changing the default for the whole Presence 
server. 

O Note: 

If the log level of a component is increased to the DEBUG level then you must 
change it back to the ERROR level as soon as the required debug logs are 
collected for debugging. 


Enabling logging for specific components 


Enabling logging for ID Mapping 

Procedure 

1. Log in to the Presence server. 

2. Edit the file at / opt /Avaya/ Presence /presence /lib/path/ log4 j . xml. 

3. Enable the relevant section and change the level as required. For example, from 

<logger name="events.operational.com.avaya.presence.server.Idmapper"> 

<level value="INFO#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

to, 

<logger name="events.operational.com.avaya.presence.server.Idmapper"> 

<level value="FINEST#com.avaya.common.logging.client.Loglevel"/> 
</logger> 


Enabling logging for Authorization Manager 

Procedure 

1. Log in to the Presence server. 

2. Edit the file at / opt /Avaya /Presence /presence /lib/path/ log4 j . xml 
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3. Enable the relevant section and change the level as required. For example, from 

<logger name="events.operational.com.avaya.presence.server.AuthzManager"> 
<level value="INFO#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

to, 

<logger name="events.operational.com.avaya.presence.server.AuthzManager "> 
<level value="FINEST#com.avaya.common.logging.client.LogLevel"/></logger> 


Enabling logging for Resource Lists 

Procedure 

1. Log in to the Presence server. 

2. Edit the file at /opt/Avaya/Presence/presence/lib/path/log4 j . xml. 

3. Enable the relevant section and change the level as required. 

<logger 

name="events.operational.com.avaya.presence.server.<type>" 

<level 

value="FINEST#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

where <type> can be replaced with the appropriate logger. 

ResourceListManagementService - All logging 

ResourceListManagementService.LocalDB - interface to Local 

DB ResourceListManagementService.Core - interface to core 

ResourceListManagementService.LifeCycle - lifecycle logging 

ResourceListManagementService.LifeCycle.LocalDB - lifecycle 

DB interface ResourceListManagementService.LifeCycle.JabberConnector - 
lifecycle 

Jabber ResourceListManagementService.LifeCycle.Main - lifecycle Main 


Enabling logging for SES Collector 

Procedure 

1. Log in to the Presence server. 

2. Edit the file at /opt/Avaya/Presence/presence/lib/path/log4 j . xml 

3. To turn on a specific SES collector log, add one of the strings listed below. 
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4. To turn on all SES collector logs, enable the relevant section, and change the level 
as required. 

<logger name="events.operational.com.avaya.presence.server.SESCollector"> 
<level name="events.operational.com.avaya.presence.server,SESCollector"> 
</logger> 

For SES Collector Life cycle logs, it should read: 

<logger 

name="events.operational.com.avaya.presence.server.SESCollector.LifeCycle 

"> 

<level value="FINEST#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

For SES Collector and PS Core interaction Logs, it should read: 

<logger 

name="events.operational.com.avaya.presence.server.SESCollector.Core "> 

< level value="FINEST#com.avaya.common.logging.client.LogLevel"/> 
</logger> 

For SES Collector and SES ( SIP interface), it should read: 

<logger 

name="events.operational.com.avaya.presence.server.SESCollector.SIP "> 

<level value="FINEST#com.avaya.common.logging.client.LogLevel"/> 

</logger> 

For Logs of tracing time of processing SES updates by SES collector (time of 
processing single SES update), add the following line: 

<logger 

name="events.operational.com.avaya.presence.server.SESCollector.Core. Proc 
essTimer "> 

<level value="FINEST#com.avaya.common.logging.client.LogLevel"/> 

</logger> 


O Note: 

By default, there is one minute of delay between the Presence change on the 
SES client and the notification to come from the SES server to Presence 
Services. 


Enabling logging for RTC Collector 

Procedure 

1. Log in to the Presence server. 

2. Make changes to the /opt/Avaya/Presence/presence/lib/path/ 
log4 j . xml file. 

3. To enable the RTC Collector logs, enable the relevant section and change the level 
as required in log4j.xml. 

dogger 
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name="events.operational.com.avaya.presence.server. RTCCollector"> 
<level 

value="FINEST#com. avaya. common, logging, client. LogLevel"/> 
</logger> 


getpslogs.sh tool 

Use the getpslogs . sh command tool to gathers all the required logs from the Presence 
server. You can then archive all the logs and create a zip file for a specified range of days. The 
default number of days (duration) for the logs is set as to 7. These logs, in turn, help the 
Presence Services support team to troubleshoot problems. 

Related topics: 

Using the getpslogs.sh tool on page 212 
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Chapter 6: Maintenance Operations 


Presence commands 

Presence Services comes prepackaged with a number of post installation tools that support 
debugging and maintenance. This chapter provides information about the command line 
interface (CLI) as well as additional information for more complex commands. 

Related topics: 

qetpsloqs.sh tool on page 201 
Quick reference commands on page 203 
backup.sh tool on page 205 
restore.sh tool on page 207 
prescert tool on page 208 
swversion.sh tool on page 211 
chanqelP.sh tool on page 212 
updateLoqLevel.sh tool on page 213 
watchers.sh tool on page 214 
confiqureNMS.sh tool on page 215 
qenerateTestAlarm.sh tool on page 217 
Using the setProductID.sh tool on page 218 
Using the qetProductID.sh tool on page 218 
im manaqer.sh tool on page 219 
Error Levels on page 223 


Quick reference commands 

The Presence CLI command table explains the CLI commands and their usage in an 
alphabetical order. 


Command Location 

Description 

backup.sh 

/opt/Avaya/Presence/ 

presence/bin 

Backs up the existing 
configuration of the XCP 
Controller including a snapshot 
of the database, which would 


Administering Avaya Aura® Presence Services 


October 2013 203 























Maintenance Operations 


Command 

Location 

Description 



include users and archived 
messages. 

changelP.sh 

/opt/Avaya/Presence/ 

presence/bin 

Updates the Presence Services 
config files with the new IP, if the 
IP of a machine changes post 
Presence Services installation. 

configureNMS.sh 

$SPIRIT_HOME/scripts 

Sends Simple Network 
Management Protocol (SNMP) 
traps to multiple Network 
Management System (NMS) for 
each alarm. 

generateTestAlar 
m. sh 

$SPIRIT_HOME/scripts/utils 

Tests if alarms are working. 

getProductID.sh 

$SPIRIT_HOME/scripts/utils 

Fetches the product ID of 
ProductType. 

getpslogs.sh 

/opt/Avaya/Presence/ 

presence/bin 

Collects all the Presence 
Services related log files and 
creates a zip of them for 
inspection. 

im manager.sh 

/opt/Avaya/Presence/ 

presence/bin 

Manages the IM database. 

prescert 

/opt/Avaya/Presence/ 

presence/bin 

Provides an administration of 
certs for the Presence Services 
tool, such as creates export, 
import, and so on. 

presstatus 

/opt/Avaya/Presence/ 

presence/bin 

Provides status of the running 
core processes and 
components in the XCP 
Controller. 

restore.sh 

/opt/Avaya/Presence/ 

presence/bin 

Restores a previously backed 
up configuration. 

setProductID.sh 

$SPIRIT_HOME/scripts/utils 

Sets the product ID, which 
identifies the installation 
instance. 

start.sh 

/opt/Avaya/Presence/ 

presence/bin 

Starts Presence Services, such 
as jabber, xcp controller, and 
postgres. 

stop.sh 

/opt/Avaya/Presence/ 

presence/bin 

Stops Presence Services such 
as jabber, xcp controller, and 
postgres. 
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Command 

Location 

Description 

swversion.sh 

/opt/Avaya/Presence/ 

presence/bin 

Prints the versions of the 
packages that have been 
installed including the Presence 
Services and 3rd party 
packages. 

updateLogLevel.s 
h 

/opt/Avaya/Presence/ 

jabber/xcp/bin 

Updates dynamically the log 
level of the Jabber XCP 
components, such as increase/ 
decrease/check log level 
without restarting any 
processes. 

watchers.sh 

$PRES_HOME/presence/bin 

Displays the JIDs of active users 
being watched by JID or the 

JIDs of active users watching 
JID. 


Related topics: 

chanqelP.sh tool on page 212 


backup.sh tool 

The backup, restore, and update scripts are installed in the folder, /opt/Avaya/Presence/ 
presence/bin. When you install Presence Services, the system creates a temporary staging 
directory and a final archive directory. The staging directory is fixed at /var/tmp/presence/ 
backup. During a backup procedure, backup, sh and its subscripts write files to the staging 
directory. Then backup. sh tars up the staging director and places the resulting file into the 
archive directory by default. So backup.sh stores an individual backup as a single compressed 
tar file. By default, backup. sh names the file using the date format (current day and time 
down to seconds.) 

Backup stores Presence configuration files and database tables into a compressed archive 
file. Backup saves the archive in the archive directory if a location is not specified as a 
component of the filename. 

O Note: 

When you run the backup, sh command, the Presence server goes down. 

backup.sh [ -f<filename> ] 

O Note: 

See the -f option in the OPTION section below for the name of the archive. See the 
PRESENCE_ARCHIVE_DIR environment variable in the ENVIRONMENT section below for 
the location of the archive directory. 
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An archive captures the state of a Presence installation as recorded in its configuration files 
and databases. Once an archive is made, the state it contains can be recovered by restoring 
the archive (with restore.sh) onto an installation of Presence where the executable files are 
identical to those from which the archive was derived. Depending on what has happened to 
the Presence installation since the archive was made, recreating its previous state may 
involve uninstalling and reinstalling Presence, to reset the state of its executables, and then 
restoring the archive. 

Alternatively, the update process uses the backup tool to move from one release of PS 6.0 
to a later release. However, it cannot restore an archive taken from a later version of 
Presence to an earlier version of Presence. 

Option 

-f Names the archive file. If you do not specify the path component then the archive 

<filename> will be stored in the archive directory. If you do not use the -f option the archive 
is by default named 

backup_<year>_<month>_<day>_<hour>_<minute>_<seconds>.{gz and 
stored in the archive directory. Ffor the location of the archive directory, see the 
PRESENCE_ARCHIVE_DIR environment variable in the ENVIRONMENT 
section below. 


Environment 

PRESENCE_ARCHIVE_DIR 

Sets the archive directory. If you do not set the environment variable, then the system by default 
sets the archive directory to /var/presence/backup/archive. 

Result 

However, a 0 is not a completely reliable indicator of success, and you must inspect the backup 

log at /var/log/presence/backup. log for errors. 

Examples 

Assuming PRESENCE ARCHIVE DIR is unset 

• backup.sh (run on 16 November 2009 at 1:05:43 PM) 

Creates /var/presence/backup/archive/backup_2009_11_16_13_05_43.tgz. 

• backup.sh -f ./elvis.tgz 

Creates elvis.tgz in the current directory. 

Assuming PRESENCEARCHIVEDIR is set to “/tmp” 

• backup.sh (run on 16 November 2009 at 1:05:43 PM) 

Creates /tmp/backup_2009_11_16_13_05_43.tgz. 

• backup.sh -f ./elvis.tgz 

Creates elvis.tgz in the current directory. 
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restore.sh tool 


O Note: 

As a prerequisite, you must first stop the Presence server before performing a restore. 

Restore recovers the Presence configuration files and database tables from a compressed 
archive file. The system looks for the archive in the default directory if a location is not specified 
as a component of the filename. 

restore.sh [ -f <filename> ] 

O Note: 

See the -f option in the Option section for the name of the archive. For the location of the 
archive directory, see the PRESENCE_ARCHIVE_DIR environment variable in the 
Environment section. 

An archive captures the state of a Presence Services installation as recorded in the 
configuration files and databases of the Presence server. You can rollback Presence 
Services to the previous state by restoring to an older installation of Presence. However, 
the executable files must be identical to those from which the archive was derived. 

Depending on what has happened to the Presence installation since the archive was made, 
you might have to recreate the previous state of Presence Services. This might involve 
reinstalling Presence Services, to reset the state of its executables, and then restoring the 
archive. You can also restore an archive to a later version of Presence Services if permitted 
by the restore.sh of that later version. This process allows the configurations to migrate with 
upgrades and patches. 

An archive taken from a later version of Presence Services cannot be restored to an earlier 
version of Presence Services. 

Use restore. sh to restore a valid FROM version to a valid TO version of Presence 
Services. A valid FROM is a version from which you upgrade or rollback Presence Services, 
while a valid TO is a version to which you downgrade or upgrade Presence Services, 
restore. sh migrates data automatically, even between releases. For example, upgrade 
FROM 6.1.5 TO 6.2.0 is supported, but an upgrade FROM 6.1.0 to 6.2.0 is not supported. 
For more information about the supported upgrades, see the latest release notes on the 
Avaya Support Web site at, http://support.avaya.com . 

When run without any options, restore.sh displays the state of the 
PRESENCE_ARCHIVE_DIR environment variable and lists the contents of the archive 
directory. 

Options 

-f <filename> This option is mandatory. You must name the archive file that you want to 
restore. If you do not specify the path component then the system assumes 
that the archive resides in the archive directory. If you run restore.sh without 
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any options, the system displays the name of the archive directory and the 
contents of the archive directory. You can use the 
PRESENCE_ARCHIVE_DIR environment variable to specify the archive 
directory. 


Environment 

PRESENCE_ARCHIVE_DIR 

Sets the archive directory. If you do not set an environment variable, then the system sets the 
archive directory to /var/presence/backup/archive by default. If you do not include a directory 
component along with the -f option, then restore.sh looks for the file in the archive directory. 

The transient settings of this environment variable are ineffective. The installation and archiving 
scripts ignore the variables unless sourcing /etc/profile sets it. 

Exit Status 

Returns 0 on success, something else on error. A return of 0 is not a completely reliable 
indicator of success. You must inspect the log file /var/log/presence/backup. log for 
errors. 

Example 

Assuming PRESENCE_ARCHIVE_DIR is unset 

• restore.sh — Displays that the name of the archive directory is /var/presence/ 
backup/archive and displays its contents. 

• restore.sh —f elvis.tgz — Restores /var/presence/backup/archive/elvis . tgz. 

• restore.sh -f ./elvis.tgz — Restores elvis.tgz in the current directory. 

Assuming PRESENCE_ARCHIVE_DIR is set to /tmp 

• restore.sh — Displays that the name of the archive directory is / tmp and displays its 
contents. 

• restore.sh -f backup_2009_11_16_13_05_43.tgz — Restores /tmp/ 
backup_2007_11 _16_13_05_43.tgz. 

• restore.sh -f ./backup_2009_11_16_13_05_43.tgz — Restores 
backup_2009_11_16_13_05_43.tgz in the current directory. 


prescert tool 

Use the prescert tool tool to manage the local Presence Services keystore. The Presence 
Services installation uses the prescert tool to retrieve the required certificates from the System 
Manager server. You can also use the tool after the installation for adding and removing 
certificates. Additionally, using the prescert tool you can view the various prescert tool 
commands and specify the SCEP password. You must execute the command as a root 
user. 
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Syntax 

prescert <command>[PEM<PEM file>] [ALIAS<Keystore alias>] 

./prescert 


Description 

Presence Services supports any (valid) trusted certificate, for example it supports the following 
interfaces: 

•SIP 

• XMPP 

• Microsoft OCS 

• System Manager (RMI and Web services) 

•AES 

By default, Presence Services uses a single key certificate, which the Trust Management 
services within System Manager generates. Presence Services uses the following trust 
certificates: 

• The Avaya SIP certificate, which is used for trusting Avaya SIP elements, such as Avaya 
Aura® Session Manager. 

• The Avaya Aura® System Manager enterprise certificate. 

• Avaya Product Root CA certificate 

You can import additional trust certificates. For example, a certificate for interoperability with 
Microsoft OCS. 

Considerations 

Insert any considerations that the user be made aware of. 

Files 

Files are located in /opt/Avaya/Presence/presence/bin. 

Related topics: 

Specifying SCEP password using prescert tool on page 209 
Command summary on page 210 


Specifying SCEP password using prescert tool 

Procedure 

1. Log in to the Presence server as a root user. 

2. At the command prompt, type cd $PRES_HOME/presence/bin to go to the bin 
directory. 
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3. At the command prompt, in the $PRES_HOME/presence/bin directory, type . / 

prescert reconf igureAll sceppw xxx, where xxx is the SCEP password. 

4. To update the new configuration, restart Presence Services. 


Command summary 

The following table provides the list of commands that can be used to administer certificates 
and keys for Presence Services. 


Command 

Description 

Create 

Load new server and CA certificates into the 
local JKS keystore 

delete alias <alias-name> 

Delete an alias from the JKS keystore 

delete pem <pem-file-path> 

Delete a PEM file from the hard disk 

refresh alias <alias-name> 

Execute the create command if the alias in 
the JKS keystore is out of date 

verify alias <alias-name> 

Check an alias in the JKS keystore for 
expiration 

verify pem <pem-file-path> 

Check a PEM file on the hard disk for 
expiration 

import pem <pem-file-path> 

Import a PEM file into the JKS keystore 

export alias <alias-name> 

Extract the server private key and certificate 
from the JKS keystore to PEM files 

exportTS <pem-file-path> 

Extract trusted certificates from the JKS 
truststore to an PEM file with a generated 
filename in the /opt/Avaya/ 

Presence/j abber/xcp/certs 
directory 

list 

List the contents of the JKS keystore 

status 

Generate certificate status information from 
the JKS keystore into /opt/Avaya/ 
Presence/j abber/xcp/etc/ps- 
certs . csv for use by the presstatus tool 

reconfigureAll 

Create the JKS keystore and PEM files 

verifyCertificates 

Verifiy the certificates in the PEM files to 
ensure they are still in date 
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Command 

Description 

addTrusted pern <pem-file-path> [alias 
<alias-name>] 

Add a trusted certificate to the JKS keystore 
and trust PEM file 

removeTrusted alias <alias-name> 

Remove a trusted certificate from the JKS 
keystore and trust PEM file 


swversion.sh tool 

The swversion. sh tool is used to view the version of the Presence Services application and 
the embedded packages. 

Syntax 

[ . /swversion.sh] 

Description 

The swversion.sh is used to view the versions of the software installed by the Presence 
Services installation. You must execute the command as a root user. 

Example 

The following example shows a command that is used to view the versions of software, cd / 

opt/Avaya/Presence/presence/bin 

./swversion.sh 

O Note: 

To view all the available commands, use ./swversion.sh - -help. 

Example Output 

[root@ips23-105 bin]# ./swversion.sh --help 

Usage: swversion.sh [ -a | --all | -v | —verbose I -q | --quiet | 

-? I --help] 

Files 

Files are located in /opt/Avaya/Presence/presence/bin. 


getpslogs.sh tool 

Use the getpslogs . sh command tool to gathers all the required logs from the Presence 
server. You can then archive all the logs and create a zip file for a specified range of days. The 
default number of days (duration) for the logs is set as to 7. These logs, in turn, help the 
Presence Services support team to troubleshoot problems. 
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Related topics: 

Using the qetpsloqs.sh tool on page 212 


Using the getpslogs.sh tool 

Procedure 

1. Log in to the Presence server as a root user. 

2. Go to the / opt/Avaya/Presence/presence/bin directory. 

3. Run the command ./getpslogs.sh. 

The system archives the logs from /var/log, /var/lib/pgsql/data/ 
pg_log and opt/Avaya/Presence/jabber/xcp/var/log/ and generates 
the output. 


Related topics: 

qetpsloqs.sh tool on page 201 


changelP.sh tool 

About this task 

Using this tool, you can change the IP address stored in the Presence Services configuration 
files. You must execute the command as a root user. Change the IP address of the server 
(network interface) manually. The changelP. sh script only changes the IP addresses within 
the Presence Services product. 

Procedure 

1. Log in to the Presence server as a root user. 

2. Stop Presence Services by using the /opt/Avaya/Presence/presence/bin/ 

stop.sh command. 

A Warning: 

Before you proceed, verify that Presence Services has been stopped. To verify, 
use the monit summary command. 

3. Change the IP address of the server manually by using the vi /etc/sysconf ig/ 
network-scripts/ifcfg-ethO command. 

4. Modify the IPADDR field with the new IP address and then save the file. 

5. Restart network service by using the service network restart command. If 
you are using a remote shell session, you will lose the session on this IP. 
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6. Using a remote shell session, restart another session with the new IP. 

7. Go to the bin folder. For example: cd /opt/Avaya/Presence/presence/ 
bin. 

8. At the command prompt, type . /changelP. sh<old IP addressxnew IP 
address>. Presence Services starts automatically after you make the changes. 
For more information, see Quick reference commands. 

9. Log in to Presence Services Web Controller and verify that all the services are in a 
running state. 


Related topics: 

Quick reference commands on page 203 


updateLogLevel.sh tool 

Using the updateLogLevel. sh command line tool you can update or check the log level of 
Presence Services XCP Components dynamically without restarting Presence Services. You 
can verify the log level of the component by selecting various options, such as increase, 
decrease, or check. 

Syntax 

By default, the system can dynamically update log level of the following components: 


cm-1 

Connection Manager 

cm-2 

OCS Connection Manager 

sip-ps-1 

SIP Presence Server 

sip-proxy-1 

SIP Proxy 

sip-bulksub-1 

SIP Bulk Subscription Server 

CORE-ROUTER 

Core Router 


The following command arguments are available for the components: 


increase 

-i | --increase 

decrease 

-d | --decrease 

check 

-c | --check 


Related topics: 

Using the update log level tool on page 214 
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Using the update log level tool 

Procedure 

1. Log in to the Presence server as a root user. 

2. Go to the /opt/Avaya/Presence/j abber/xcp/bin directory. 

3. At the command prompt, type the command, . /updateLogLevel. sh 

For example, Connection Manager is cm-1 in a default installation. 

a. To increase the log level of the Connection Manager, at the command prompt, 
type . /updateLogLevel.sh cm-1 -i 

b. To decrease the log level of the Connection Manager, at the command prompt, 
type . /updateLogLevel.sh cm-1 -d 

c. To check the log level of the Connection Manager, at the command prompt, 
type . /updateLogLevel.sh cm-1 -c 

Example Output 

[localhost]# ./updateLogLevel.sh cm-1 -i 

cm-1 is now logging at level (WARNING) 


watchers.sh tool 

Using the watchers.sh command line tool, you can display the JIDs of active users being 
watched by JID or the JIDs of active users watching JID. 

Syntax 

./watchers.sh 


./watchers.sh --watching 
< j id> 

Displays the JIDs of active users being 
watched by JID. 

./watchers.sh --watched <jid> 

Displays the JIDs of active users watching 
JID. 

./watchers.sh [ --help | -help 

1 -? ] 

Displays this help page. 


Related topics: 

Using the watchers.sh tool on page 215 
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Using the watchers.sh tool 

Procedure 

1. To display JIDs of active users being watched by JID: 

a. Log in to the Presence server as a root user. 

b. At the command prompt, type cd $PRES_HOME/presence/bin to go to the 
bin directory. 

c. At the command prompt, in the $PRES_HOME/presence/bin directory, 
type . /watchers.sh --watching <jid>. 

For example, SIP client, user700000@pres.reg.avaya.com, subscribes to 

user7 00001@pres . reg. avaya. com. To check who is watched by 
user700000@pres.reg.avaya.com, type user700000@pres.reg.avaya.com 

for the <jid> in the above command. 

Output 

user700000@pres.reg.avaya.com is watching 

user700001@pres.reg.avaya.com 1 subscriptions 

1 users and 0 rosters 

2. To display JIDs of active users watching JID: 

a. Log in to the Presence server as a root user. 

b. At the command prompt, type cd $PRES_HOME/presence/bin to go to the 
bin directory. 

c. At the command prompt, in the $PRES_HOME/presence/bin directory, 
type. /watchers.sh --watched <jid>. 

For example, SIP client, user700000@pres.reg.avaya.com, subscribes to 

user7 00001@pres . reg. avaya. com. To check who is watching 
user700001@pres.reg.avaya.com, type user700001@pres.reg.avaya.com 

for the <jid> in the above command. 

Output 

Users watching user700001@pres.reg.avaya.com 

istdistributor@pres.reg.avaya.com 1 subscriptions 

user700000@pres.reg.avaya.com 1 subscriptions 

2 watchers 


configureNMS.sh tool 

Using Presence Services, you can send Simple Network Management Protocol (SNMP) traps 
to multiple Network Management System (NMS) for each alarm. To enable this, Presence 
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Services uses the System Manager spiritAgent. By default, Presence Services does not 
configure NMS. 

Syntax 

./configureNMS.sh 

Related topics: 

Using the confiqureNMS.sh tool on page 216 
Testing SNMP Trap/Alarm on page 217 


Using the configureNMS.sh tool 

About this task 

You can run the . /conf igureNMS . sh command directly from the command line as follows: 

Procedure 

1. To add the NMS: 

a. Log in to the Presence server as a root user. 

b. At the command prompt, type cd $SPiRiT_HOME/scripts to go to the 
scripts directory. 

c. At the command prompt, in the $SPiRiT_HOME/scripts directory, type . / 

configureNMS.sh [IP] [Port] [Community] . For example, ./ 
configureNMS.sh 10.0.0.2 162 public. 

The system displays the Entry for IP Address 10.0.0.2 added 
successfully message. 

d. Restart the spiritAgent service using the # service spiritAgent 
restart command. 

2. To remove the NMS: 

a. Log in to the Presence server as a root user. 

b. At the command prompt, type cd $SPiRiT_HOME/scripts to go to the 
scripts directory. 

c. At the command prompt, in the $SPiRiT_HOME/scripts directory, type . / 

configureNMS.sh -r [IP] [Port]. For example, . /conf igureNMS . sh 
-r 10.0.0.2 162. 

The system displays Entry for IP address 10.0.0.2 removed 
successfully. 

d. Restart the spiritAgent service using the # service spiritAgent 
restart command. 

3. To list all the configured NMS systems: 

a. Log in to the Presence server as a root user. 
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b. At the command prompt, type cd $SPiRiT_HOME/scripts to go to the 
scripts directory. 

c. At the command prompt, in the $SPiRiT_HOME/scripts directory, type . / 

configureNMS.sh -1. 

The system displays the configured NMS systems. 


Testing SNMP Trap/Alarm 

Procedure 

1. Log in to System Manager Web Console. 

2. On System Manager Dashboard, under Services, click Events . 

3. On the Events page, click Alarms in the left navigation pane. 

The system displays the alarms on the Alarming page. You can view the details of 
the alarm. 


generateTestAlarm.sh tool 

The generate test alarm command is used to test if alarms are working. Using the generate 
test alarms command you can ensure whether the Presence Systems are running properly. 
Later, you can clear the generated test alarm. 

Syntax 


./generateTestAlarm.sh 

Generates Test Alarm 

./generateTestAlarm.sh -c 

Clears Test Alarm 


Related topics: 

Using the generateTestAlarm.sh tool on page 217 


Using the generateTestAlarm.sh tool 

Procedure 

1. Log in to thePresence server as a root user. 
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2. At the command prompt, type cd $SPiRiT_HOME/scripts/utils to go to the 
utils directory. 

3. At the command prompt, in the $SPiRiT_HOME/scripts/utils directory, 
type . /generateTestAlarm.sh. 

The Test Alarm is generated. 

4. To clear the Test Alarm, use the . /generateTestAlarm. sh -c command. 
Example Output 

[root@ips23-105 utils]# ./generateTestAlarm.sh 
Test alarm generated. 

[root@ips23-105 utils]# ./generateTestAlarm.sh -c 
Clear event for test alarm generated. 


Using the setProductID.sh tool 

Procedure 

1. Log in to the Presence server as a root user. 

2. At the command prompt, type cd $SPiRiT_HOME/scripts/utils to go to the 
utils directory. 

3. At the command prompt, in the $SPiRiT_HOME/scripts/utils directory, 
type . /setProductID.sh PS [ProductID]. 

4. Restart the spiritAgent service using the # service spiritAgent restart 
command. 


Using the getProductID.sh tool 

Procedure 

1. Log in to the Presence server as a root user. 

2. At the command prompt, type cd $SPiRiT_HOME/scripts/utils to go to the 
utils directory. 

3. At the command prompt, in the $SPiRiT_HOME/scripts/utils directory, 
type ./getProductID.sh PS [ProductID]. 
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For example, if the product ID is 2244668800, then the system displays 
[2244668800] for [ProductlD], 


im_manager.sh tool 

The imjTianager script is installed in the folder /opt/Avaya/Presence/presence/bin. 
The imjTianager manages the IM Transcripts database. 

The imjTianager is a stand-alone command line tool to manipulate the Instance Message (IM) 
Archive database. You can use the tool to: 

• View the size of the IM database 

• Backup the IM database 

• Restore the IM database 

• Purge old data from the IM database 

You can run the imjTianager in the following modes: 

• Interactive mode. You can use a menu to run specific actions. 

• Command line mode. You can run command line arguments to perform specific actions. 
This allows you to automatically schedule backups and purges of the database. 

Related topics: 

Using Interactive mode on page 219 
Using Command line mode on page 222 


Using Interactive mode 

About this task 

You can use imjrianager without any command line arguments. 

Procedure 

1. Open an SSH session using PuTTY and log in to the Presence server as a root 
user. 

2. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
im manager.sh. 

The system opens the IM Transcripts Web Services Manager interface and displays 
the following options: 

a. Database size 

b. Backup database 
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c. Restore database 

d. Purge database 

e. Quit 


IK Transcript Web Service Manager 

1) Database size 

2) Backup database 

3) Restore database 

4) Purge database 
0) Quit 

□ 


3. Enter 1. 

The system returns the number of records in the database. For example: 


IK Transcript Web Service Manager 

1) Database size 

2) Backup database 

3) Restore database 

4) Purge database 
0) Quit 

1 

IM Transcripts database contains 0 records. 
Press return... 




4. Enter 2. 

The system writes a file to the users’ home directory (on Presence Services) with 
the complete contents of the IM Archive database. The file includes a date/time 
stamp so that old backups are not over written. For example: 
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IM Transcript Web Service Manager 

1) Database size 

2) Backup database 

3) Restore database 

4) Purge database 
0) Quit 

2 

Enter directory to write backup [/root] 

Backing up DB: /root/im_database_2013-05-03_14.00.18.dump 
- please wait 
0 records backed up. 

Press return... 


5. Enter 3. 

The system takes one of the archive files created by the backup tool and adds all 
the messages into the database. For example: 


IM 

Transcript Web Service 

Manager 

1) 

Database size 


2) 

Backup database 


3) 

Restore database 


4) 

Purge database 


0) 

Quit 


3 



Enter filename of dumped 

database, or empty string to return to menu 

No 

dump file entered. 


Press return... 

1 



6. Enter 4. 

The system removes old messages from the database. You must tell the tool which 
records it should keep based on the age of the message in full days. For example: 
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IM Transcript Web Service Manager 

1) Database size 

2) Backup database 

3) Restore database 

4) Purge database 
0) Quit 

4 

Enter number o£ days worth of records to keep. 
1 will keep only todays records 
0 will remove all records 
Empty string will return to menu 

0 

0 records removed. 

Press return... 

I 


7. Enter 0. 

The system quits the IM Transcripts Web Services Manager interface. For example: 


IM Transcript Web Service Manager 

1) Database size 

2) Backup database 

3) Restore database 

4) Purge database 
0) Quit 

0 

[rootGps-gis bin]# | 


Using Command line mode 

About this task 

You can also run im_manager directly from the command line. Using Command Line Interface, 
other scripts or scheduling utilities can automatically back up and/or purge the database. For 
example, cron. 
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Error Levels 

The system may return some of these values. 

• 0 - No error 

• 1 - Syntax error 

• 2 - Help displayed 

• 3 - Missing file 

• 4 -10 error 

• 5 - Command failed 

• 6 - Postgres not running 

• 99 - Internal error 


Changing the System Manager hostname on Presence 
Services 

About this task 

Perform this task when you change the hostname of your System Manager. 

Procedure 

1. Log in to the Presence server as a root user. 

2. Ensure that the new System Manager hostname is resolvable on Presence 
Services. 

3. To resolve the hostname, using the FQDN, ping System Manager from the 
Presence server and then ping Presence Services from the System Manager 
server. 

4. Alternately, you can add the hostname entry in the /etc/hosts file. For example, 
<System Manager IP> <System Manager FQDN> <System Manager Short 
Hostname>. 

5. Stop the DRS service on Presence server by performing the following commands: 

# monit stop drs# service drs stop 

6. Execute the changeSMGR.sh script located under $PRES_HOME/install/scripts/. 
For example, # . /changeSMGR. sh <new hostname of System Manager 
Xws portXnaming portXloginXpasswordXenroll passwords 
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7. Wait till Presence replica reaches the synchronized state. To verify the 
synchronized state, see the Replication section in System Manager Web 
Console. 

8. Verify the following changes: 

a. To test the alarm on the Presence server, use the generateTestAlarm. sh 
command, located under $SPiRiT_HOME/scripts/utils. 

b. To test the alarms System Manager, log in to System Manager Web Console 
as an administrator, and select the Events/Alarm section. 

© Note: 

Changing System Manager hostname means only changing the hostname of 
System Manager on Presence Services and not replacing the System Manager 
server. 


Related topics: 

Updating Presence Services entity link in Session Manager on page 224 
Updating client configuration on page 225 


Updating Presence Services entity link in Session Manager 

About this task 

If you have configured SIP entities for Presence Services on System Manager, then modify 
those SIP entities as follows: 

Procedure 

1. Log in to System Manager Web Console. 

2. On System Manager Dashboard, click Elements > Routing > SIP Entities. 

3. On the SIP Entities page, if the system displays Presence Services, click it in the 
Name column. 

The system displays the SIP Entity Details page. 

4. On the SIP Entity Details page, change the SIP Entity IP address to the new IP 
address, then click Commit. 
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Updating client configuration 

About this task 

Configure the client, such as Avaya one-X® Communicator, to use new Presence IP address 
as follows: 

Procedure 

1 ■ On the General Settings dialog box of Avaya one-X® Communicator, select IM and 
Presence on the left pane. 

2. Select the Enable Instant Messaging and Presence check box. 

3. In the Server field, enter the IP address of IM and Presence server. 

4. Click OK. 


Monit 

A service called monit regulates and monitors the activities of a number of services in Presence 
Services. You can access monit using a Web GUI or using a command line interface (CLI). 

Monit starts, stops, and monitors the following services in Presence Services: 

• xcp_sip_proxy 

• xcp_presence_model 

• xcp_presence_container 

• spiritAgent 

• log-harvester 

• postmaster (PostgreSQL server) 

• drs (Data Replication Service) 

• jabberd 

• cm (Extensible Communication Platform (XCP) Web page) 

• tomcat 

Under normal operating conditions, the monit service starts as soon as Presence Services 
starts. Monit monitors these services using a heartbeat method. Monit takes certain 
dependencies into account. This means that if Service A depends on Service B, monit starts 
Service B before starting Service A. The dependencies result in a controlled start-up order. 

The dependencies are as follows: 
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• spiritAgent depends on log-harvester 

• log-harvester depends on jabberd 

• jabberd depends on postmaster & DRS 

• DRS depends on postmaster 

Postmaster, tomcat, and cm do not depend on any other service. Monit can start Tomcat and 
cm without affecting another service on the system. If monit restarts DRS, then monit stops 
postmaster, log harvester, and spiritAgent. As soon as DRS has started and is running, monit 
starts postmaster, jabberd, log harvester, and spiritAgent. 

In addition to these services, monit monitors the following services in Presence Services, but 
does not directly start and stop them. The stop/start status of jabberd determines their stop/ 
start status: 

• xcp_connection_manager 

• xcp_sip_proxy 

• xcp_presence_model 

• xcp_presence_container 

Monit can also monitor a number of ports: 

• 5432 for postmaster 

• 7400 for jabberd 

• 7430 for webcam 

Monit saves logs to the /var/log/messages folder on the Presence server. A configurable 
filter called log-harvester determines which events should trigger an alarm and which events 
it should simply log as regular activity. 

Related topics: 

Viewing monit using a CLI on page 226 

Suspending and restarting the monitoring of a service on page 227 


Viewing monit using a CLI 

About this task 

Using the Presence server CLI, you can view a summary list of the status of all the monitored 
processes. Using the CLI, you can also display more detailed information about individual 
monitored processes. 

Procedure 

1. To display a summary, type monit summary. 

2. To display details, type monit status. 
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Suspending and restarting the monitoring of a service 

About this task 

If you need to perform an administration task on one of the monitored services, such as the 
PostgreSQL server, you must stop the monitoring of the service, perform the administration 
task, and then restart the monitoring of the service. If you do not stop the monitoring, monit 
continues to attempt to restart the service when it is offline for the maintenance. You can stop 
the monitoring of a service using the Presence server CLI. 

Procedure 

1. To suspend the monitoring of a service, for example, postgres: monit stop 
postgres. 

2. To restart the monitoring of a service, for example, postgres : monit start 
postgres. 


Checking your Presence Services license status 

Before you begin 

To log in to the command line interface (CLI) on the Presence server or to view and edit a file 
on the Presence server, you must use a terminal emulator application such as PuTTY. PuTTY 
is a Windows SSH client. Using PuTTY, you can gain access to Windows virtual machines. 
You can download PuTTY from http://www.chiark.qreenend.orq.uk/~scitatham/puttv/ 
download, htmi . 

Procedure 

1 . Log in to the Presence server as a craft user and then use the su command to 
obtain root access. 

2. On the command prompt, type $PRES_HOME/presence/bin/presstatus. 

3. Press Enter. 
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Network parameters 


Network parameters overview 

When you install a new Presence server, you must configure the network parameters to ensure 
that the new Presence server work with the other devices and end points in the network. To 
make the devices and end points that the server integrates with work successfully, you must 
change the following network parameters: 

• Primary DNS 

• Default gateway 

• Domain search list 

• Default netmask 

• Presence Services IP address 

• Presence Services hostname 

Network parameters control the interaction of all devices, such as communication ports. When 
you set the network parameters, you can enable secure network access using options, such 
as SSL and intercache communication. You can modify the network parameter configuration 
using the System Platform Web interface. 


Configuring network parameters 


Changing primary DNS 

Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 

3. On the Server Management page, in the General Network Settings section, 
change the value of primary DNS in the Primary DNS field. For example, change 

135 . 64 . 21.5 to 135 . 64 . 21 . 33 . 
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4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 

5. Click OK to confirm. 


Verifying the primary DNS changes 

Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify the changes, go to /etc/resolv. conf. For example, at the command 
prompt, type more /etc/resolv. conf . The system displays the new primary 
DNS value, for example, nameserver 135.64.21.33. 


Changing the default gateway 

Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 

3. On the Server Management page, in the General Network Settings section, 
change the value of the default gateway in the Default Gateway field. For example, 
change 135 . 64 . 21 . 1 to 135.64.21.3. 

4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 

5. Click OK to confirm. 


Verifying the default gateway changes 

Procedure 

1. Log in to the Presence Services server as a craft user, and then use the su 
command to change to root. 

2. To verify the changes, go to the /etc/s ysconfig. net work-scripts /if cfg- 
ethO file. For example, at the command prompt, type more /etc/ 
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sysconfig.network-scripts/ifcfg-ethO. The system displays the new 
default gateway IP address. 


Changing the domain search list 

Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 

3. On the Server Management page, in the General Network Settings section, 
change the value of the domain search list in the Domain Search List field. For 
example, change du. rnd . avaya. com to ga. rnd . avaya. com. 

4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 

5. Click OK to confirm. 


Verifying the domain search list changes 

Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify the changes, go to the /etc/resolv. conf file. For example, at the 
command prompt, type more /etc/resolv. conf. The system displays the new 
domain search list value, for example, search ga.rnd.avaya.com. 


Changing the default netmask 

Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 
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3. On the Server Management page, scroll to Domain Network interface > Domain-0 
> avpublic. For the avpublic bridge, change the Netmask field. For example, 
change 255.255.255.0 to 255.255.254.0. 

4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 

5. Click OK to confirm. 


Verifying the default netmask changes 

Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify the new changes, go to the /etc/sysconf ig/network-scripts/ 
ifcfg-ethO file. For example, at the command prompt, type more /etc/ 
sysconfig.network-scripts/ifcfg-ethO. The system displays the new 
default netmask value. 


Changing the Presence Services IP address 

Before you begin 

Ensure that the new IP address of Presence Services is resolvable by System Manager. You 
can do this by adding the new Presence Services IP address to the /etc/hosts file on the System 
Manager Web interface or on the DNS server. 

Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 

3. On the Server Management page, scroll to Template Network Configuration > 
Global Template Network Configuration > IP address of the presence_va. 
Change the IP address of Presence by changing the value of the IP address of the 
presence_va field. For example, change 135.64.21.137 to 135.64.21.166. 

4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 
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5. Click OK to confirm. 


Next steps 
© Note: 

After you change the Presence Services IP address, you must modify all the clients using 
the Presence Services IP to use the new Presence Services IP address and restart the 
system, if required. Also, you must modify all the Presence Services SIP Entity links with 
the new Presence Services IP address. 


Verifying the Presence Services IP address changes 

Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify the changes, go to /etc/sysconfig/network-scripts/ifcf g- 

ethO. For example, at the command prompt, type vi /etc/sysconfig/ 
network-scripts/ifcfg-ethO. The system displays the new Presence 
Services IP address value. 


Testing the Presence Services IP address changes 

Test 1: Checking the components 
Procedure 

1. Log in to the Presence Services XCP Controller Web interface, for example, 

https://<Presence Services IP Address>:7300/admin. 

2. Scroll down to the Components section and ensure that all the Presence 
components are running. 


Test 2: Checking the test alarms 
Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify that the system receives the test alarms, go to: $spirit_home/ 
scripts/utils/ 

3. Run the script, . /generateTestAlarm. sh. 
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4. Log in to System Manager Web Console. On the Home page, click Events > 
Alarming and check if the system receives test alarms. 


Test 3: Checking the replication 
Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the Home page, click Services > Replication. On the Replication page, under 
Replica nodes, wait till the system acquires a synchronized status for the Presence 
replica. The replication is working correctly if the system acquires a synchronized 
state. 

For more information on SIP Entity links, see Administering Avaya Aura® Presence 
Services. 


Presence Services hostname changes 

Changing the Presence Services hostname on the System Platform deployments 
Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the System Platform dashboard, click Server Management > Network 
Configuration. 

3. On the Server Management page, scroll to Template Network Configuration > 
Global Template Network Configuration > presence_va hostname. Change the 
Presence hostname by changing the value of the presence_va hostname field. 
For example, change pssv21167.du.rnd.avaya.com to 

pssv21166.du.rnd.avaya.com. 

4. Click Save. The system displays the Changing network settings may require you 
to login again into web console. Are you sure? dialog box. 

5. Click OK to confirm. 


Changing the Presence Services hostname in the non-System Platform deployments 
Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 
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2. At the command prompt, type $PRES_HOME/presence/bin/ 
changePSFQDN.sh. 

3. To view the logs, type more /opt/Avaya/Presence-VA/psva/ps-sp- 
utils/SPchangeParam.log. 


Testing the Presence Services IP address changes 
Test 1: Checking the components 
Procedure 

1. Log in to the Presence Services XCP Controller Web interface, for example, 

https://<Presence Services IP Address>:7300/admin. 

2. Scroll down to the Components section and ensure that all the Presence 
components are running. 


Test 2: Checking the test alarms 
Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To verify that the system receives the test alarms, go to: $spirit_home/ 
scripts/utils/ 

3. Run the script, . /generateTestAlarm. sh. 

4. Log in to System Manager Web Console. On the Home page, click Events > 
Alarming and check if the system receives test alarms. 


Test 3: Checking the replication 
Procedure 

1. Log in to the System Platform Web interface as an administrator, for example, 

https://<console domain IP address>/webconsole. 

2. On the Home page, click Services > Replication. On the Replication page, under 
Replica nodes, wait till the system acquires a synchronized status for the Presence 
replica. The replication is working correctly if the system acquires a synchronized 
state. 

For more information on SIP Entity links, see Administering Avaya Aura® Presence 
Services. 
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Reconfiguring the LPS client 
Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. Take a backup of LPS client file generic.keystore.jks. 

3. Replace the LPS client generic.keystore.jks file with the generic.keystore.jks of 
Presence Services, which is located under $pres_home/ jabber/xcp/certs/. 

4. Update the hostname name entry in the LPS .properties file with the new hostname 
value. 


Reconfiguring the SIP Tester client 
Procedure 

1. In the SIP tester client, take a backup of generic.keystore.jks file. 

2. Replace the SIP tester generic.keystore.jks file with the generic.keystore.jks of 
Presence Services, located under $pres_home/ jabber/xcp/certs/. 


Reconfiguring OCS 

To complete the reconfiguration for OCS, perform the following steps: 

1. Modifying the Presence server CA certificate to the Microsoft Edge Server Trusted 
Root certificates 

2. Modifying the OCS Edge IM service provider 

3. Adding New Host (A) 

4. Modifying the SRV record for new hostname 

5. Modifying a reverse pointer 

6. Testing DNS records from Microsoft Edge Server 

7. Restart the OCS Edge server 

Related topics: 

Adding New Host (A) on page 100 

Modifying the Presence server CA certificate to Microsoft Edge Server Trusted Root 

certificates on page 236 

Modifying the OCS Edge IM service provider on page 236 
Modifying the SRV record for a new hostname on page 237 
Modifying a reverse pointer on page 237 
Testing DNS records from Microsoft Edge Server on page 238 
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Modifying the Presence server CA certificate to Microsoft Edge Server 
Trusted Root certificates 

Procedure 

1. On the Presence Services server, locate the certificate with a name similar to export- 
xxx.trusts in the $pres_home/ jabber/xcp/certs directory, and copy to the 
Microsoft Edge server. 

2. Copy the export-xxx.trusts cerificate to the Microsoft Edge server. 

3. Import the new hostname certificates in Edge Server to Microsoft. To do so, perform 
the following: 

a. Click Start > Run. 

The system displays the management console window. 

b. Open Certificates Snap-in for Edge Server 

c. Open Certificates/Trusted Root Certification Authorities/Certificates. 

d. Remove the certificate may display as Default. 

4. Import the new hostname certificates in Edge Server to Microsoft 

a. Open Certificates Snap-in for Edge Server 

b. Open Certificates/Trusted Root Certification Authorities/Certificates. 

c. In the left-hand pane, click All Tasks > Import. 

The system launches the Certificate Import Wizard. Follow the steps of the 
Wizard and browse for the export-xxx.trusts file you copied in the earlier 
steps. 

d. Verify that the copied certificate is in the Certificates/Trusted Root Certification 
Authorities/ Certificates list. You may need to use the refresh button to update 
the list. The certificate may display as Default. 


Modifying the OCS Edge IM service provider 
Procedure 

1. Click Start > All Programs > Administrative Tools > Computer Management. 

The system displays the Computer Management window. 

2. In the left navigation pane, expand Services and Applications and then select 

Microsoft Office Communications 2007. 

3. Right-click Microsoft Office Communications 2007 and then click Properties. 

4. On the IP Provider tab, click Edit. 

5. In the Network address of the IM service provider Access Edge field, enter the 
new Presence Services FODN. 

6. Click OK. 
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Adding New Host (A) 

Procedure 

1. On the OCS DNS server, right-click the domain that you just created and select 

New Host (A). 

2. In the New Host dialog box, enter the Presence server name and IP address. For 
example, ipsdemo-ipsl. ipsdemo . com. 

3. Click Add Host > Done. 

0 Note: 

When you add New Host (A) in DNS, check the associated pointer. This 
associated pointer may eliminate the need to add the machine name to the 
Reverse Lookup Zone if that zone already exists. 


Modifying the SRV record for a new hostname 
Procedure 

1. Log in to the OCS DNS server. 

2. In the Service field, enter _sipfederationtls. 

3. In the Port number field, enter 5061 . 

4. In the Host offering this service field, enter the FQDN of the new Presence Service 
server hostname. 

For example, chat.pres.test.com or chat.example.com for the two example domains 
given earlier. 

5. Click OK and then click Done. 


Modifying a reverse pointer 
Procedure 

1. On the OCS DNS server, in the left navigation pane, select Reverse Lookup 
Zones > New Zone. 

2. Right-click on Reverse Lookup Zone. 

3. Find the Pointer (RTR) record for the IP address of Presence server. 

4. Double click the Pointer (RTR) record for the IP address of the Presence server, 
change the value in the Host name field with the new hostname of the Presence 
server. 
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Testing DNS records from Microsoft Edge Server 
Procedure 

1. Open a console on the Microsoft Edge. 

2. Run nslookup <FQDN for Presence Services>. 

The system displays the IP address of Presence Services. 

3. Run nslookup <IP address of Presence Services>. 

The system displays the FQDN of Presence Services. 

4. Run <JID domain of Presence Services>. 

The system displays the FQDN and IP address of Presence Services and port 
5061. 


Checking the outcome of the changed network parameters 

To see the outcome of the changed network parameters, see the SPchangeParam.log file. 

About this task 

Use this task when you want to check the results for any of the network parameter changes. 

Procedure 

1. Log in to the Presence server as a craft user and then use the su command to 
change to root. 

2. To view the logs, type more /opt/Avaya/Presence-VA/psva/ps- 
sp2utils/SPchangeParam.log. 


Configuring network parameters on the non-System Platform 
deployments 

Changing the DNS servers 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 


238 Administering Avaya Aura® Presence Services October 2013 

Comments? infodev(d>.avava.com 







Network parameters 


The Presence server might be in a running state and using the 
changeDNSServer. sh command does not stop Presence Services. 

2. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeDNSServer.sh -h. 

The system displays a Help window to show how to use the 
changeDNSServer. sh command. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeDNSServer.sh <DNS Server IP>. 

© Note: 

You can specify multiple DNS search domains by using a comma separated file. 
For example, /opt/Avaya/Presence/presence/bin/changeDNSServer.sh <DNS 
server IP1>,<DNS server IP2>. 


Changing a DNS search domain 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

The Presence server might be in a running state and using the 
changeDomainSearchList. sh command does not stop Presence Services. 

2. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeDomainSearchList.sh -h. 

The system displays a Help window to show how to use the 
changeDomainSearchList. sh command. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeDomainSearchList.sh <DNS search domain>. 

C Note: 

You can specify multiple DNS search domains by using a comma separated file. 
For example, /opt/Avaya/Presence/presence/bin/changeDomainSearchList.sh 
<DNS search domain1>,<DNS search domain2>. 
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Changing an IP address of Presence Services 

Procedure 

1. Log in to the Presence server as a oust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changelP.sh -h. 

The system displays a Help window to show how to use the changelP. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changelP.sh <current IP address> <new IP address>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

The changelP. sh command stops and restarts Presence Services. 


Changing the FQDN of Presence Services 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSFQDN.sh -h. 

The system displays a Help window to show how to use the changePSFQDN. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSFQDN.sh <new FQDN of Presence Services>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

The changePSFQDN. sh command stops and restarts Presence Services. 
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Changing the IP address and FQDN of Presence Services together 

Procedure 

1. Log in to the Presence server as a oust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSFQDN.sh -h. 

The system displays a Help window to show how to use the changePSFQDN. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSFQDN.sh Knew FQDN of Presence Services> <new IP 
address of Presence Services>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

The changePSFQDN. sh command stops and restarts Presence Services. 


Changing Network Mask 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeNetMask.sh -h. 

The system displays a Help window to show how to use the changeNetMask. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeNetMask.sh <new network mask>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

The changeNetMask. sh command stops and restarts Presence Services. 
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Changing the Gateway IP address for Presence Services 

Procedure 

1. Log in to the Presence server as a oust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeGW.sh -h. 

The system displays a Help window to show how to use the changeGW.sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeGW.sh <new Gateway IP address>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

The changeGW.sh command stops and restarts Presence Services. 


Changing the timezone for Presence Services 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSTimezone.sh -h. 

The system displays a Help window to show how to use the 
changePSTimezone. sh command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changePSTimezone.sh <Continent/Capital>. 

5. Enter Y when the system displays a message to continue with the configuration 
change. 

6. Click Yes if you want to restart the Presence server, or click No if you want to restart 
the Presence server later. 
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Changing an enrollment password 

Procedure 

1. Log in to the Presence server as a oust user, and then use the su command to get 
root access. 

The Presence server might be in a running state and using the 
changeEnrollmentPassword.sh command does not stop Presence Services. 

2. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeEnrollmentPassword.sh -h. 

The system displays a Help window to show how to use the 
changeEnrollmentPassword. sh command. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeEnrollmentPassword.sh Knew enrollment password>. 


Changing the System Manager FQDN 

About this task 

Use the changeSMGR. sh command only when you change the System Manager FQDN. The 
changeSMGR. sh command does not support reconfiguration of Presence Services to use a 
new System Manager. 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSMGR.sh -h. 

The system displays a Help window to show how to use the changeSMGR. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSMGR.sh Knew System Manager FQDN> [-w Kwebservices 
port>] [-n Knaming port] [-1 <login>] [-p <password>] [-e 
Kenrollment passwords]. 

The changeSMGR. sh command stops and restarts Presence Services. 


Administering Avaya Aura® Presence Services 


October 2013 243 





Maintenance Operations 


Changing an AES IP address 

About this task 

Use this procedure to change an AES IP address. If you did not configure AES on Presence 
Services, the changeAESJP.sh command will be ineffective. 

Procedure 

Log on to the XCP Controller Web interface, to change the AES IP address for the 
Software-only deployments. 


Changing an Alternative WebLM FQDN on Presence Services 

About this task 

Use this procedure to change an alternative WebLM FQDN. .If you did not configure Alternative 
WebLM on Presence Services, the changeAltWebLM. sh command will be ineffective. 

Procedure 

Log on to the XCP Controller Web interface, to change the alternative WebLM FQDN 
for the Software-only deployments. 


Changing a Session Manager IP address on Presence Services 

About this task 

If you configured more than one Session Manager on Presence Services, the 
changeSM_IP. sh command is ineffective. 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSM_IP.sh -h. 

The system displays a Help window to show how to use the changeSM_lP. sh 
command. 
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4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSM IP.sh <new IP address of Session Manager>. 

The changeSM_iP. sh command stops and restarts Presence Services. 


Changing a Session Manager FQDN on Presence Services 

About this task 

If you configured more than one Session Manager on Presence Services, the 
changeSM_FQDN. sh command is ineffective. 

Procedure 

1. Log in to the Presence server as a cust user, and then use the su command to get 
root access. 

2. Ensure that the Presence server is in a running state. For more information about 
restarting the Presence server, see Restarting the system on page 16. 

3. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSM FQDN.sh -h. 

The system displays a Help window to show how to use the changeSM_FQDN. sh 
command. 

4. At the command prompt, type /opt/Avaya/Presence/presence/bin/ 
changeSM FQDN.sh <new FQDN of Session Managers. 

The changeSM_FQDN. sh command stops and restarts Presence Services. 


Certificate configuration 


Refreshing Presence Services certificates for System Manager 

Use the changeSMGR.sh tool to refresh the presence certificate configuration for System 
Manager. 

Syntax 

changeSMGR.sh <new SMGR FQDN> [-w <ws port>] [-n <naming port>] [-1 <login>] [-p 
<password>] [-e <enrollment passwords] 
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Files 

Files are located in /opt/Avaya/Presence/presence/bin. 


Creating new certificates in the Presence server 

About this task 

The prescert tool is inside the /opt/Avaya/Presence/presence/bin folder. The bin 
folder contains the changeSMGR.sh script that you can use to update the certificates in System 
Manager. 

Procedure 

1. Log in to the Presence server as a root user. 

2. Navigate to the bin folder. For example, type cd /opt/Avaya/Presence/bin. 

3. For more information on the prescert tool, at the command prompt, type sh 

prescert. 

The system displays a list of commands to modify or update a Presence 
certificate. 

4. To create new certificates, at the command prompt, type sh prescert create 
sceppw xxx, where xxx is the SCEP password. 

The create new certificate script updates the certificates in the System Manager 
trust management system. For any reason, if the system does not update the 
certificates, use the changeSMGR.sh tool. For more information, see Refreshing 
Presence Services certificates for System Manager on page 245. 
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Overview - Load Balancing 

When you install Presence Services, the system automatically creates a single Presence 
server component. The single Presence server component is called a single-node 
configuration. If you select the Load Balancing option, Presence Services uses an internal 
algorithm to evenly distribute the load on the SIP Presence server nodes. You cannot manually 
manage the assignments. 

You can select the Load Balancing option during the Presence Services installation. 

O Note: 

If you do not select the load balancing option during the installation, the system becomes a 
single-node configuration system. If you select the load balancing option during the 
installation, the system becomes a multi-node configuration system. A multi-node 
configuration is also known as a cluster configuration. Currently, Presence Services 
supports only up to eight nodes per cluster. 


Selecting the Load Balancing option during the Presence 
Services installation 

When you select the Load Balancing option during the Presence Services installation, which 
is a part of the multi node cluster, the system creates the load balance configuration for the 
Presence server node. 

O Note: 

Presence Services supports a maximum of eight nodes per cluster. 

The mandatory naming conventions that you must use for a node and cluster are as follows: 


Node 

number 

Realm name 

JSM name 

Provisioning admin user name 

1 

presencel 

jsm-1. presencel 

cluster-prov-nodel 

2 

presence2 

jsm-1.presence2 

cluster-prov-node2 
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Node 

number 

Realm name 

JSM name 

Provisioning admin user name 

3 

presence3 

jsm-1.presence3 

cluster-prov-node3 

4 

presence4 

jsm-1.presence4 

cluster-prov-node4 

5 

presence5 

jsm- 1 . presences 

cluster-prov-node5 

6 

presence 6 

jsm- 1 .presence 6 

cluster-prov-node 6 

7 

presence7 

jsm-1.presence7 

cluster-prov-node7 

8 

presence 8 

jsm- 1 .presence 8 

cluster-prov-node 8 


Configure a set of Router to Router (R2R) components so that each node in the cluster is 
connected to the other node in the cluster. R2R connections are bidirectional and you must 
that you have a fully meshed R2R network setup. 

Use the following formula to calculate the number of R2R components within a cluster: 

(N x (N-l))/2 

Where N ranges between two and eight. For example: 


Cluster nodes 

Formula (Nx(N-1))/2 

R2R components 

2 

( 2 x ( 2-1 ))/2 

1 

3 

( 3 x (3-1 ))/2 

2 

4 

( 4 x (4-1 ))/2 

6 

5 

( 5 x (5-1 ))/2 

10 

6 

( 6 x ( 6-1 ))/2 

15 

7 

( 7 x (7-1 ))/2 

21 

8 

( 8 x ( 8-1 ))/2 

28 


Sample R2R configuration: 

You must change the configuration settings after the installation. To do so: 

• Change the presence container component configuration 

• Configure the Single Domain Name Support component 

• Configure the R2R component 

• Change the JSM component configuration 

O Note: 

Do not add H.323 and SIP end points using System Manager Web Console until you 
successfully change the configuration settings. If you do so, see the Presence Services 
cluster solution overview appendix. 


248 Administering Avaya Aura® Presence Services 

Comments? infodev(d>.avava.com 


October 2013 























Selecting the Load Balancing option during the Presence Services installation 


Related topics: 

Installing Presence Services nodes with the Load Balancing option on page 249 

Configuring LPS in a cluster on page 259 

Configuring Presence Services for load balancing on page 260 


Installing Presence Services nodes with the Load Balancing option 

About this task 

For information on how to install Presence Services, see Implementing Avaya Aura Presence 
Services. 

Procedure 

1. On the Presence Services Configuration screen, enter the following details: 

a. Router Service Name 

b. Router Realm 

c. Router Cluster 

d. Server IP Address 

2. On the Presence Components screen, select the Load Balancing Support option 
and click Next. 
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] ir > 06 . 01 . 00 . 00-0 

AVAyA _ 

Presence Components 

Please select the Presence Services (PS) components you wish to enable 

Main Components 

0 Coilecior/Oistributor Support 
K Session Manager Integration 
0 SIP Client Support 

✓ XMPP-IM Functionality 

✓ Load Balancing Support 

Collectors: 

□ AES Collector Component 
f"l SES Collector Component 
I I PTC Collector Component 
D XMPP Collector Component 
I I Sametime Collector Component 

Distributors: 

f ) Sametime Distributor Component 



Help Previous Next | Quit 


3. On the Load Balancing Configuration screen, enter the details for the Presence 
Session Manager (JSM) and then click Next to continue with the installation. 
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O Note: 

Each Presence Services node has a presence-container component with load 
balancing enabled. In the sample configuration mentioned in the screenshot, the 
cluster is named as clusterl. The three Presence Services nodes are configured 
with realms, presencel, presence2, and presence3. Each realm has a JSM, for 
example, jsm-1 .presencel, jsm-1 .presence2, and jsm-1 .presence3. The 
presence-container configuration also contains a configuration parameter 
specifying the local JSM for the Presence Services node. The order of the JSM 
list is important as the order specifies the node number for each Presence 
Services node. 
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Post-installation configuration 

Modifying the presence container component configuration 
About this task 

On each of the Presence Services node, you must modify the JID of a provisioning-admin user. 
The JID of a provisioning-admin user is a hidden configuration parameter within the presence 
container configuration. 

Procedure 

1. Log in to the Presence server as a root user. 

2. Go to the /opt/Avaya/Presence/jabber/xcp/etc directory. 

3. Edit the presence-container-1 .xml file and make the following changes: 

<config xmln3="http://www.jabber.com/config/presence-container"> 

<apas sip-componenz-lisz="sip-p3-l.presence 1 sip-bulksub-l.presencel 
cm-2.presencel cm-2_s2sep-l.presencel rims.presencel 
temp-subscriber.presencel authz-jsml.presencel" 

external-f ederaced-dcaiain3="ocsr2ads v. cccn"> 

<metrics-filename>/trrp/ips/logs/IPS_Metrics.log</metrics-filename> 
<metrics-enabled>0</mecric3-enabled> 

<metrics-reporting-interval>3600</metrics-reporting-interval> 

</apas> 

<pantherclient host="svsmsmgr.du.rnd.avaya.com" wsPort="443" 
namingPort="1399" login="system" passwora="system" secure="true"/> 

<licensing poll="300" renew="300" serviceSuffix="/KeblM/LicenseServer" 

/> 

<db dbType="Postgres" dbHost="localhost" dbPort="5432" 
dbUserName=”presence_user" dbPassword="presencel23" dbName="presence” 
dbSchema=”avaya_system_data"/> 

<replicator regHost=”localhost" regPort="2009" exportPort='O' 
sslOn='true'/> 

<domainconverter/> 

<umc resyncInterval="36400"/> 

< !— START-LOAD_ENABLE —> 

<region> 

<moduloAlgorithm localJsm="jsm-1.presencel"> 

<mappedHost>j sm-1.presencel</mappedHost> 

<mappedHost>jsm-l.presence2</mappedHost> 

<mappedHost>jsm-l.presence3</mappedHost> 

</n»duloAlgorithm> 

</region> 

<!— END-LQAD_ENA3LE —> 

<aclstorage cacheSize="1000"/> 

<provisioning adminUserId="cluster-prov-node10presence.ca.avaya. ccp»"/> 

</config> 


Change the configuration parameter, adminUserld, to include the number of the 
node associated with the provisioning admin user. For example, in the three nodes, 
cluster node 1 has a realm of presencel, node has a realm of presence2, and node 
3 has a realm of presence 3. Thus, change the provisioning admin user to as cluster- 
prov-node1@resence.ca.avaya.com on node 1; cluster-prov- 
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node2@resence.ca.avaya.com on node 2; and cluster-prov- 
node3@resence.ca.avaya.com on node 3. 


Configuring the Single Domain Name Support (SDNS) component 
Procedure 

1. Log in to Presence Services Web Controller. 

2. In the Components area, click Edit next to the SDNS component. The system 
displays the Single Domain Name Support Configuration page. 



3. In the Single Domain Name Support section, set the Runlevel field to 5. The system 
starts the SDNS component prior to other components in the Presence Services 
Web Controller system. 
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ingle Domain Name Su 




uration 


Single Domain Name Support 

ID 

Description 

Runlevel 

Timeout for shutdown 

[^Component Properties 

Number of packets buffered when component is down 
Bounce error packets to stderr 


sdns-1.presence 
Single Domain Marne SupJ 
5 

1 60 
512 

Yes vjl- 


K -4iJBfty.tff Oillb QUIltl CgRQectiQgJLn. fOima liog Cl.e-^BOPtCf.CQn .qfiqsJfi. cgeiPflrieptJ 


4. In the Single Domain Name Support Configuration section, perform the following: 

a. Set the Number of threads to dedicate to Single Domain Name Support tasks 
field to 6. 

b. Select Modulo Mapping Algorithm. 

c. In the Components field, enter the three JSMs that you created earlier. 


Siri'glfc'ObrftafflTraffi'e Sf/pptfrt'CTm f k<TrforY^' 




Numb«r of threads to dedicate to Single Domain Name Support tasks 

Select exactly one of the following options: 

|3 

' 

Modulo Mapping Algorithm 



Library 

sdns_algonthms so 


Load 

modulo.mapper 


Algorithm Input Generator 


' 

Library 

sdns_algonthms so 


Load 

Map 

slandard_algo_ir>put v 


Use component presence 

To 

Components 

No v - 


!D(»): 

; ss-!.presence! 
;sn-!. presence! 

» 

j 

.»«■ «» » ■«» —.-v>—.1 

;sc-i.presences 



5. To save the changes, click Submit. 


Configuring the Router to Router component 
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Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view. 

3. In the Components area, from the Add a new drop-down list, select Router-to- 
Router Connection and then click Go. 


The system displays the Router-to-Router Connection Configuration page. 

4. In the Router-to-Router Connection section, set the Runlevel field to 10 . 

5. In the Router Outbound Connection Information section, perform the following: 

a. In the Component IP field, enter the IP address of the remote peer node. 

b. In the Password field, enter the password. 

c. Confirm the password. 

d. Ensure that the Connection weight field is set to 1. 



Status 


Running 


Running 


Running 


Running 


I Connection Manager 
Active Directory Component 
Presence Directory Suite (JDS) 
Message Archiver 
OpenPort 


Router-to-Router Connection 


Single Domain Name Support 
SIP Bulk Subscription Server 
SIP Presence Server 
Authorization Manager 
SIP Proxy 


»*-**.- 
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Router OufBouhd Connection lnformation (T.e.^ R6uteFconriecfsfo anoL 

148 147 fl 

5 


Component IP 
Port 

Password 
Confirm Password 
Connection weight 

Buffer size in bytes for outgoing data 
Buffer size in bytes for incoming data 
Log the delivery of packets to this component 

(Disable this option for logging components such as the Message Archiver.) 


Submit | [ Reset | | Cancel 


7400 


1 

65535 
65535 
Yes v 




6. To save the changes, click Submit. 


Changing the Router to Router password 

Changing the Router to Router password using the Web interface 
Before you begin 

Stop the Presence server. 

Procedure 

1. Log on to the XCP Controller Web interface of the target Presence Services. For 
example, PS2. 

2. Click Edit next to Global router settings. 

3. Select the Intermediate view. 

4. In the Master Accept Port section, in the Password field, enter a password. 

5. In the Confirm Password field, enter the password again. 

6. To save the changes, click Submit. 


Changing the Router to Router password using CLI 
Procedure 

1. Open an SSH session using PuTTY and log on to the Presence server. 

2. Stop Presence Services using the /opt/Avaya/Presence/presence/bin/ 
stop. sh command. 
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3. At the command prompt, type cd /opt/Avaya/Presence/jabber/xcp/ 
etc/ to go to the XCP configuration directory. 

4. Open the global.xml file by using the open global (vi) command and find the 
<secret> element. For example, <secret 
type="1">bmV3X3Rlc3RfcGFzc3dvcmQ=</secret> 

5. Copy the content of the <secret> element. For example, 
bmV3X3Rlc3RfcGFzc3dvcmQ=. 

6. Edit the configuration file for Web CM by performing the following steps: 

a. At the command prompt, type vi web-cm.xml. 

The system displays the contents of the Web CM file. 

b. In the <secret> element, paste the hashed value of the password that you noted 
in the earlier steps. 

For example, 

<handler id="webcp_confighandler-1" lib="config_handler.so" 
load="config_handler"> 

<connection type="connect" xmlns = "http://www.j abber.com/config"> 
<host>l92.168.74.48</host> <port>74 00</port> 

<secret type="1">bmV3X3Rlc3RfcGFzc3dvcmQ=</secret> 

</connection> 

c. Save the web-cm.xml file. 

7. Repeat the same steps for the CM and RLMS component. 

O Note: 

For the RLMS component, enter a plain text password value into the jabberSecret 
attribute. 

8. Start Presence Services using the /opt/Avaya/Presence/presence/bin/ 
start. sh command. 

Edit the password on the R2R component of the Open the XCP Controller Web 
interface on PS1. Edit the Jabber Port components or go to CLI and enter hashed 
value in the jabber-port-1 .xml files. 

9. Repeat the same steps to change the password on the R2R component of the 
originating Presence Services. For example, PS1. Change the hashed value in the 
jabber-port-1 .xml. 

© Note: 

In a load balancing configuration that has multiple R2R connections to a single 
Presence Services instance, you must change the R2R password on each 
node. 

If some of the components do not work, check the configuration for the router 
connection and adjust the secret password. 


Administering Avaya Aura® Presence Services 


October 2013 257 



Load Balancing 


Modifying JSM configuration 
About this task 

To provision users on a node, you must define the provisioning-admin user in the admin user 
list of a JSM. 

Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view. 

3. In the Routers area, click Edit next to the JSM component. 



The system displays the Presence Session Manager Configuration page. 

4. In the Presence Administrators field, add the component name from each of the 
other remote nodes in the cluster and add the provisioning-admin user from each 
of the remote Presence Services nodes. 


V Presence Administrators 

Add/remove administrators as needed. 

Admmistrator(s): 


[? System 1 imit s 

These options control system usage. 

Maximum number of sessions a single user (JID) can 
open at a time 

Gf]System Parameters 

The example shows replacing provisioninq-admin@presence.ca.avaya.com with 
provisioning.presencex, where x is the node number. 

For example, cluster-prov-node1@presence.ca.avaya.com 

provisioning, presencel, 

cluster-prov-node2@presence.ca.avaya.com 

provisioning.presence2, 
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cluster-prov-node3@presence.ca.avaya.com 
provisioning.presence3. 

5. To save the changes, click Submit. After you make changes across all the 
Presence Services nodes, restart each Presence Services node individually to 
make the cluster operational. 


Configuring LPS in a cluster 

About this task 

Configuring LPS in a cluster deployment is similar to the standalone deployment of Presence 
Services. However, when you configure LPS, you must perform an additional step of modifiying 
the JSM presence administrator list in the JSM component configuration. Modifying the JSM 
presence administrator list in the JSM component configuration ensures that the LPS client 
can gain access to the user data on each node. 

Procedure 


1. Log on to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view. 

3. In the Routers area, click Edit next to Presence Session Manager. 

The system displays the Presence Session Manager Configuration page. 


4. In the Presence Administrators section, in the Administrator(s) field, add all sip- 
bulksub-1 ,<PS realms>. 


For example, a two-node cluster with PS node realms, bvw21 and bvw22, has two 
sip-bulksub-1 admins, sip-bulksub-1.bvw21 and sip-bulksub-1 .bvw22 


r" ^ *V “ • - * — - v' ‘ -'\j r • - / /v“ s w • d'V ■ •'V ■ 

W Presence Administrators 

Add/remove administrators as needed. 

Administrator(s): 


- '•s - 


jabberSprea . ipa . 
sip-pa-l.bvw21 


sip-bulksub-l . bv 
sip-bulksub-l . bv 


cm-2_323cp-l.pre 
pres . ips . avaya . c 


W System Limits 

These options control system usage. 

Maximum number of sessions a single user (JID) can open at a time |i00 


5. Repeat the steps for each node in the Presence Services cluster. 
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6. To save the changes, click Submit. 

7. Restart Presence Services. 


Configuring Presence Services for load balancing 

You can enable load balancing during installation. Load balancing enables several Presence 
Services instances to work together in a cluster to improve the performance of the system. The 
Presence Services installer sets up an instance of the Secure Data Network System (SDNS) 
component and configures SDNS with the list of Presence Session Managers to distribute 
load. 

About this task 

This task enables the distribution of traffic across several servers for maximum performance 
during heavy load. 

Procedure 

1. Ensure that Presence Services instance in the cluster has a unique realm and 
shares the same cluster name. 

These settings are on the Presence Services configuration panel of the GUI 
installer. If you are using the silent installer, you can configure these settings using 
the ROUTER_REALM and ROUTER_CLUSTER parameters. 

2. Define the JSMs that process presence requests within the cluster and ensure that 
you enter the JSMs in the same order on all Presence Services instances. 

These settings are on the Load Balancing Configuration panel of the GUI Installer. 
If you are using the silent installer, you can configure these settings using the 
LOAD_JSM_1 to LOAD_JSM_8 parameters. 

G Tip: 

The following are examples of JSM IDs: 

jsm-l.presencel 

jsm-1.presence2 

jsm-1. presence3 

In these examples, jsm-1 is the component ID for the node and presenceX is the 
realm of node X. 

3. Ensure that all SDNS components on all nodes have the same configuration. 

4. Ensure that all presence-container components have the same module algorithm 
load balancing configuration. 
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The JSM lists must also be the same as for the SDNS components, including the 
order of the JSMs. 

5. Configure the router-to-router connections. 

Each node must have an R2R connection to every other node in the cluster to form 
a mesh topology. As R2R connections are bidirectional, if you set nodel to connect 
to node 2, you do not need to set node 2 to connect to node 1. When configuring 
R2R connections, use the following table: 



2 node 
cluster 

3 node 
cluster 

4 node 
cluster 

5 node 
cluster 

6 node 
cluster 

7 node 
cluster 

8 node 
cluster 

Node 

1 

R2R to 

2 

R2R to 2 

R2Rto2 
R2Rto 3 

R2R to 2 
R2R to 3 

R2R to 2 
R2R to 3 
R2R to 4 

R2Rto2 
R2Rto 3 
R2Rto4 

R2R to 2 
R2R to 3 
R2R to 4 
R2R to 5 

Node 

2 


R2R to 3 

R2Rto 3 
R2Rto4 

R2R to 3 
R2R to 4 

R2R to 3 
R2R to 4 
R2R to 5 

R2Rto 3 
R2Rto4 
R2Rto 5 

R2R to 3 
R2R to 4 
R2R to 5 
R2R to 6 

Node 

3 


R2R to 1 

R2Rto4 

R2R to 4 
R2R to 5 

R2R to 4 
R2R to 5 
R2R to 6 

R2Rto4 
R2Rto 5 
R2Rto 6 

R2R to 4 
R2R to 5 
R2R to 6 
R2R to 7 

Node 

4 



R2Rto 1 

R2R to 5 
R2R to 1 

R2R to 5 
R2R to 6 

R2Rto 5 
R2Rto 6 
R2Rto7 

R2R to 5 
R2R to 6 
R2R to 7 
R2R to 8 

Node 

5 




R2R to 1 
R2R to 2 

R2R to 6 
R2R to 1 

R2Rto 6 
R2Rto7 
R2Rto 1 

R2R to 6 
R2R to 7 
R2R to 8 

Node 

6 





R2R to 1 
R2R to 2 

R2Rto 7 
R2Rto 1 
R2Rto2 

R2R to 7 
R2R to 8 
R2Rto 1 

Node 

7 






R2Rto 1 
R2Rto2 
R2Rto 3 

R2R to 8 
R2Rto 1 
R2R to 2 

Node 

8 







R2Rto 1 
R2R to 2 
R2R to 3 


A cluster must have at least N-1 connections, where N is the number of Presence 
Services instances in the cluster, connecting the nodes to each other. Each node 
pair requires only one connection. For example, if node A has connection to node 
B, you do not need to configure the connection on node B to node A. Ensure that 
the configured connections create an unfragmented network that includes all the 
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nodes in the cluster. To ensure that the route is initialized before JSM, the runlevel 
for the component must be set to 7. 

6. Add all sip-bulksub components from the cluster to the Presence Administrators list 
of each JSM. 

© Note: 

Perform this step only if you are using LPS. 

C Tip: 

The following are the examples of sip-bulksubs: 
sip-bulksub-1 .presencel 
sip-bulksub-1 .presence2 
sip-bulksub-1 .presence3 

7. Ensure that all Presence Services instances list all JSMs in all locations and in the 
same order. 

You must configure at least one of the JSMs through the installer as setting a JSM 
through the installer configures other settings in the XCP correctly. 


Next steps 

Test the clustering capabilities before deploying Presence Services in a production 
environment. 


Converting a standalone Presence Services installation to a 
cluster installation 

About this task 
A Warning: 

This procedure is only valid if you want to convert an existing Presence Services single¬ 
node installation to a multi-node installation. In this scenario, you have an operational single 
node installation, and you want to add additional Presence Services nodes to create a multi¬ 
node cluster. If you have multiple Presence Services installations running at the same time, 
in a single domain, the multi-node conversion is not valid. Converting a set of separate 
Presence Services installations into a Presence Services multi-node cluster requires 
extensive re-configuration, involving realm renaming and component renaming, across all 
nodes in the cluster and, this process is not explained in this document. Unless you have 
created these separate Presence Services installations with distinct realms, perform a re- 
installation. 
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If you want to increase the capacity of a Presence Services system or want to balance the 
loads, you can convert a standalone Presence Services system to a multi-node (cluster) 
system. You can convert a single-node Presence Services installation to a clustered Presence 
Services system as Node! To do so, perform the following: 

Procedure 

1. Uninstall the standalone, also known as a single-node, Presence Services 
installation. For more information on uninstallation, see the Uninstallation chapter 
in Implementing Avaya Aura® Presence Services. 

2. Re-install Presence Services with Load Balancing option enabled. For more 
information, see the Selecting the load balancing option during the Presence 
Services installation on page 247 

3. Perform post-installation configuration procedures. For more information, see the 
Post-installation configuration section. 
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Appendix A: Reserved features for future 

use 


ACL scripts 


presuseracls tool 

Use the presuseracls tool to view, create, modify, or delete user level ACLs. To view the 
user level ACLs, run this script on the Presence server or on the System Manager server, as 
a root user. To create, modify, or delete user level ACLs, run this script on System Manager 
as a root user. If you choose to use the presuseracls tool on System Manager, copy the 
presuseracls script from the Presence server to the System Manager server. For more 
information, see Configuring Authorization ACLs on System Manager. 

Syntax 

. /presuseracls 


Usage 

Result 

./presuseracls 
<presentityloginname> 

Displays all the user level ACLs for the given 
presentityloginname. 

./presuseracls -c (--create) allow|block 
presentity watcher 

Creates an ACL 

./presuseracls -c (--create) allow|block 
presentity -ext watcher 

Creates an ACL for an external watcher 

./presuseracls -m (--modify) allow|block 
presentity watcher 

Modifies an ACL 

./presuseracls: -d (--delete) presentity 

Deletes all ACL for a presentity 

./presuseracls -d (--delete) presentity 
watcher 

Deletes all ACL for a presentity watcher pair 

./presuseracls --delete -allow 

Deletes all allow ACLs for each user 

./presuseracls --delete -block 

Deletes all block ACLs for each user 
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Usage 

Result 

./presuseracls --delete -all 

Deletes all ACLs for each user 

./presuseracls -p presentity 

Shows presentity ACL 

./presuseracls -w watcher 

Shows watcher referenced ACL 

./presuseracls —help 

Displays help page. 


Related topics: 

Using the presuseracls tool on page 266 


Using the presuseracls tool 

Before you begin 

Start an SSH session using PuTTY and connect to the Presence server or System Manager 
server using their IP addresses. 

Procedure 

1. To view user level ACLs: 

a. Log in to the Presence server as a root user. 

b. On the Presence server, navigate to the /opt/Avaya/Presence/ 
presence/bin folder. 

c. At the command prompt, type chmod +x presuseracls to change the 
presuseracls tool mode to an executable mode. 

d. Use one of the following: 

• Option 1. Type ./presuseracls <presentityloginname> and 

press Enter to display all the user level ACLs for a particular presentity 
login name. 

• Option 2. Type . /presuseracls and press Enter to display all the user 
level ACLs. 

2. To delete a user level ACL: 

a. Copy this script in a temporary folder on the System Manager server. For 
example, /tmp/directory. 

b. Log in to the System Manager as a root user. 

c. Run the command, chmod +x presuseracls, to convert the presuseracls 
to an executable. 

d. Get the presentityloginname information from the Presence Services for the 
ACL that needs to be deleted. 

e. Run ./presuseracls -d <presen tityloginname> to delete user level 
ACLs for a particular presentity login name. 

3. To create a user level ACL: 
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a. Copy this script in a temporary folder on the System Manager server. For 
example, /tmp/directory. 

b. Log in to the System Manager as a root user. 

c. Run . /presuseracls -c <allow> or <block> 
<presentityloginname> <watcherloginname> to create a user level 
ACL for a particular presentity watcher login name. 


Example 1: Show the user 55013's current list of ACLs by presentity 

(Note: domain is optional for show) 

[root@soalabal31 -]# ./presuseracls -p 55013 

presentity I pid | watcher | wid | ruletype | ruleid 

Iinfotype | updated 

- + - + - + - + - 

+-+-+-55013@aceaura. avaya. com | 1292 | 

55014@aceaura.avaya.com | 1293 | ALLOW | 181 | 50 | 2012-09-21 


10:39:41.835 




55013@aceaura.avaya.com| 1292 | dog2001@aceaura.avaya.com | 

| 50 | 2012-09-20 16:54:50.435 

150 

| ALLOW 

184 

55013@aceaura.avaya.com| 1292 | 55011@aceaura.avaya.com | 

| 50 | 2012-09-20 16:54:49.929 

229 

ALLOW | 

183 


(3 rows) 

Example 2: Show who is watching 55013: 

[root@soalabal31 -]# ./presuseracls -w 55013 

presentity I pid | watcher | wid | ruletype | ruleid 

Iinfotype| updated 

- + - + - + - + - 

+-+-+- 

55014@aceaura.avaya.com| 1293 | 55013@aceaura.avaya.com | 1292 | ALLOW | 180 

| 50 | 2012-09-20 17:14:15.6(1 row) 

Example 3: Modify a single presentity watcher pair ACL: 

[root@soalabal31 -]# ./presuseracls -m block 55013@aceaura.avaya.com 
55011@aceaura.avaya.com 
UPDATE 1 

root@soalabal31 ~]# ./presuseracls -p 55013 

presentity I pid | watcher | wid | ruletype | ruleid 

Iinfotype| updated 

- + - + - + - + - 

+-+-+- 


55013@aceaura.avaya.com| 

1292 | 

55014@aceaura.avaya.com | 

1293 

| ALLOW | 

181 

| 50 | 2012-09-21 10: 

: 39:41. 

.835 




55013@aceaura.avaya.com| 

1292 | 

dog2001@aceaura.avaya.com 

150 

| ALLOW | 

184 

| 50 | 2012-09-20 16: 

: 54:50. 

.435 




55013@aceaura.avaya.com| 

1292 | 

55011@aceaura.avaya.com | 

229 

| BLOCK | 

183 


| 50 | 2012-09-28 12:17:12.320265 

(3 rows) 


Example 4: Delete a single presentity watcher pair ACL: 

[root@soalabal31 ~]# ./presuseracls -d 55013@aceaura.avaya.com 
55011@aceaura.avaya.com 
DELETE 1 

[root@soalabal31 -]# ./presuseracls -p 55013 

presentity I pid | watcher | wid | ruletype | ruleid 

Iinfotype| updated 

- + - + - + - + - 

+ - +-+- 
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55013@aceaura.avaya.com| 

1292 | 

55014@aceaura.avaya.com | 

1293 

| ALLOW | 

181 

| 50 | 2012-09-21 10: 

: 39:41. 

.835 




55013@aceaura.avaya.com| 

1292 | 

dog2001@aceaura.avaya.com 

150 

| ALLOW | 

184 


| 50 | 2012-09-20 16:54:50.435 

(2 rows) 


Example 5: Create a single presentity watcher pair ACL: 

[root@soalabal31 ~]# ./presuseracls -c allow 55013@aceaura.avaya.com 
55011@aceaura.avaya.com 
INSERT 0 1 

[root@soalabal31 ~]# ./presuseracls -p 55013 

presentity | pid | watcher | wid | ruletype | ruleid 

|infotype| updated 

- + - + - + - + - 

+-+-+- 

55013@aceaura.avaya.com| 1292 | 55014@aceaura.avaya.com | 229 | ALLOW | 195 

| 50 | 2012-09-28 12:19:50.899063 

55013@aceaura.avaya.com| 1292 | dog2001@aceaura.avaya.com | 12931 ALLOW | 184 

| 50 | 22012-09-21 10:39:41.835 

55013@aceaura.avaya.com| 1292 | dog2001@aceaura.avaya.com | 150 | ALLOW | 184 

| 50 | 2012-09-20 16:54:50.435(3 rows) 


User default ACL policy script 

Use the . /user-default-acl-policy . sh script as a root user to view, create, and delete 
the default ACL settings for a user. Use PuTTY to open an SSH session and connect to the 
System Manager server. The default location of the . /user-default-acl-policy . sh on 
the Presence server is, /opt/Avaya/Presence/presence/bin. Use the chmod +x ./ 
user-default-acl-policy. sh command to change the mode to an executable mode. 

To run the script from System Manager, copy the script from the Presence server using a file 
transfer client and copy the script on System Manager. 

./user-default-acl-policy.sh [ -c allow/block/confirm | -d ] user@domain 

Using . /user-default-acl-policy. sh, you can perform the following: 

• Show the default ACL policy for a user. 

• Create a user default ACL policy with allow, block, and confirm states. 

• Delete a user default ACL policy, 
where, 

• -c, creates an ACL 

• -d, deletes an ACL 

• and, if you do not enter any parameter, the system displays the default ACL policy script 
options. For example: 

- ./user-default-acl-policy.sh -cALLOW | BLOCK | CONFIRM user@domain 

- ./user-default-acl-policy.sh -d user@domain 

- ./user-default-acl-policy.sh user@domain 
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O Note: 

You can create or delete a user default ACL policy only from System Manager. However, 
to show the current status of the default ACL policy for a user, you can run the . /user- 
default-acl-policy. sh script from both System Manager and Presence server. 

Example 1: Show the default ACL policy for the 55010 user, which is not yet 
created 

[root@abcd -]# ,/user-default-acl-policy.sh 55010 
discriminator | aclid | name | acl 

(0 rows) 

Example 2: Create a user default ACL policy for the 55010 user with a confirm 
state 

[root@abcd -]# ./user-default-acl-policy.sh -c confirm 55010@abc.avaya.com 
INSERT 0 1 

Example 3: Show the confirm state for the 55010 user 

[root@abcd -]# ./user-default-acl-policy.sh 55010 

discriminator | aclid | name | acl 

- + - + - + - 

UD | 994 | 55010@abc.avaya.com | CONFIRM 
(1 row) 

Example 4: Delete the default ACL policy for the 55010 user 

[root@abcd -]# ./user-default-acl-policy.sh -d 55010@abc.avaya.com 

DELETE 1 

Example 5: Show status of the deleted 55010 user 

[root@abcd -]# ./user-default-acl-policy.sh 55010 

discriminator | aclid | name | acl 
(0 rows) 
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Access Levels 


Presence access levels 

Presence access levels are defined in terms of Presence classes. An access level can contain 
a single Presence class or a set of classes. Access rules defined in the Presence ACLs (Access 
Control Lists) then apply to all classes in an access level. 

Presence information is partitioned into several areas called Presence access levels for the 
purpose of access control. Examples of Presence access levels: 

• Instant Messaging Presence 

• Telephony 
•All 

The All access level is always defined and always includes complete Presence information. 
Administrators can create other access levels as necessary. An access level can also contain 
an inversion of a set of classes for convenience. In other words, administrators can define an 
access level to contain all classes that are not in the selected set of classes. This makes it 
easier to define access levels, such as all classes except Phone. 

© Note: 

Presence Services uses hardcoded TELEPHONY_ONLY ACL to provide Presence for 
Phone class. 


Defining rules 

If you define a specific rule to an ACL, then that takes precedence over a generic rule. For 
example, in the same ACL, levels including just one class have precedence over multiple-class 
levels which in turn have precedence over the level All. 

The ACLs in each band are arranged in such a way that an ACL applicable to a single watcher 
or presentity pair (more specific) takes precedence over more generic ACLs applicable to all 
watchers or all presentities and also the ones applicable to all pairs. 
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Filtering 

Presence information is filtered, so each watcher can see only that part of Presence that the 
watcher is allowed to see. Both the Presence owner and system administrator can control the 
level of Presence allowed to the watcher. 

Presence filtering is done with granularity of tuple. Filtering is based on the value of the class 
element and does not affect the person element of Presence. 


Soliciting confirmation 

You can create an ACL, apply the levels, and then solicit confirmation from the user. If you 
have set the ACL to CONFIRM, then the system sets the ACL level to Pending till it receives 
confirmation from the Presence owner or presentity when online the next time. The presentity 
can decide to set the ACL level to Allow or Block or any other level of access for the watcher 
using LPS. If you do not set the Confirm level, the system works with no user interaction. 

O Note: 

Only the System Manager console can manage System Wide ACL. There is no Web console 
to manage User ACL. It is the responsibility of Presence Services clients to manage user 
ACL. 


Presence access levels in System Manager 

System Manager offers basic access levels grouped into default ACLs. Using the default ACLs, 
you can set filtering to Allow, Block, Confirm, Undefined, or Pending states. Each ACL may 
have multiple-level definitions. 

The list of default ACLs arranged in order of priority is as follows: 

• System ACL is for each watcher and with always HIGH priority 

• System Rule (High/Low) for all watchers and all presentities 

• System Default for all watchers and all presentities with the lowest precedence 

• User ACL for each watcher or presentity pair controlled by the user 

• User Default for each presentity controlled by the user 

• Enforced User ACL (High/Low) for each watcher or presentity pair 

The last one gives the administrator fine-grained control over the level of Presence available 
for the watcher. 
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Customizing access levels 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, under Users, click User Management. 

3. On the User Management page, click System Presence ACLs on the left 
navigation pane. 

4. On the Presence ACL page, in the High Priority section, click New to define a new 
access between a presentity and a watcher. 

5. Click the System ACL tab, and then click New to assign a user the permission to 
view everyone’s presence. 

6. Click the Default Policy tab, and then click New to define default access to all 
users. 

For more information, see the System Manager documentation. 


Viewing Presence access levels 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Presence > Access Levels. 
The page displays all currently defined Presence access levels. 

For more information, see the System Manager documentation. 


Creating Presence access levels 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Presence > Access Levels. 

3. On the Presence Access Levels page, click Add. 

4. Fill in details of the new access level. 
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5. Click Save. 


Modifying Presence access levels 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Presence > Access Levels. 

3. On the Presence Access Levels page, select a row with the access level that you 
want to modify. 

4. Click Edit. 

5. Change details of the access level. 

6. Click Save. 

0 Note: 

Access level All is predefined and cannot be modified or deleted. 

For more information, see System Manager documentation. 


Deleting Presence access levels 

Procedure 

1. Log in to System Manager Web Console as an administrator. 

2. On System Manager Dashboard, click Elements > Presence > Access Levels. 

3. On the Presence Access Levels page, select a row with the class that you want to 
delete. 

4. Click Delete. 


Presence access level field descriptions 

The following fields are defined for a Presence access level. 
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Name 

Description 

Label 

It is a Unique name of the access level. 

Classes 

A set of Presence classes that are included 
in this access level. 


Adding, removing Presence classes to access level 

Adding Presence classes to access level 

Procedure 

1 . In the Available Classes list, select the new classes . 

2. Click the greater than sign (>) to include them in the Selected Classes list. 
For more information, see System Manager documentation. 


Removing Presence classes to access level 

Procedure 

1. In the Selected Classes list, select the classes. 

2. Click the less than sign (<) to remove them. 

If you select Match any class but the specified classes, then it is assumed that 
the access level contains all classes that are not in the Selected Classes list. 
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Appendix B: Configuring users in System 

Manager to enable Presence 
and Instant Messaging 


Communications address terminology 

One of the key concepts in Avaya Aura® is the use of Canonical Addressing. A canonical 
address is a SIP Address of Record (AOR) that is used as route by the core and uniquely 
identifies a single user across all sites in the Enterprise. The Avaya SIP Reference Architecture 
specifies three forms of canonical address: 

1. E.164 International Format. E.164 is a standard of the ITU-T that specifies the 
international public telecommunications numbering plan. There are four types of 
E.164 numbers, one each for geographic areas, global services, networks, and 
groups of countries. All types of this format start with a +, followed by the Country 
Code, and end with a Subscriber Number. For some formats, there are other digits 
between the Country Code and the Subscriber Number. In all cases, the 
combination of digits can be no more than 15 digits, with the Country Code 
accounting for between 1 and 3 of these digits. An example of an E.164 number is 
+13035351234. 

2. Enterprise Private Numbering Format. This format has a numeric string of variable 
length as the user part and a domain: 1234567890@entreprise.com. While the user 
part is of variable length, the complete address must be unique across the 
enterprise. The user part does not need to be unique. For example, you can have 
123456@ease.enterprise.com and 123456@west.enterprise.com. However, the 
qualified domain name (FODN) must be specified. It is usually betterto have unique 
user parts for simplicity. Additionally, not all applications differentiate beyond the 
user part. Therefore, System Administrators must provision all users with 
communication addresses containing unique user parts. Note that the Enterprise 
Private Numbering Format can be set to E.164 without the “+”. While technically 
this may be considered to be a Public rather than Private format, it is called Private 
for the purposes of this section. 

3. Alphanumeric Handle Format. The alphanumeric handle is a user part that is a 
combination of letters and numbers and a domain. For example, 
JohnSmith123@entreprise.com. As indicated, the user part can be a combination 
of upper and lower case letters and numbers, but it need not be a combination of 
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all three. However, the user part must not overlap with the E.164 International or 
Enterprise Private Numbering formats. 

Other terminology used to describe communication addresses is as follows: 

1. Long Form. A synonym of the Enterprise Private Numbering format. However, 
Avaya does not recommend this format as it can be ambiguous. 

2. Short Form. Equates a short dial format accepted by Avaya Aura® Communication 
Manager. As not all people include dialing prefixes, this format can also be 
ambiguous, and Avaya does not recommend its use. 


Network login 

One of the differences between Avaya Aura® and previous Avaya systems is the scope of the 
user’s communications sessions. 

Earlier, when end users logged into Communication Manager, they could log in with a short 
form address in the form of an Avaya Extension (AVXT) that was known to the Communication 
Manager receiving the login. However for Avaya Aura®, the user logs in to the Network rather 
than into Communication Manager. Therefore, they must use a communications address (also 
called a handle) that has network scope. 

In the current implementation, a consistent login is used across all endpoints and clients for 
Presence and IM to function properly. End users must use the Enterprise Private Numbering 
Format as not all endpoints/clients accept entry of a +. 

This is a change for the end users, as previously they were able to log in using an extension 
number (short form). In Avaya Aura® 6.0 release, Avaya recommends that an Enterprise 
Canonical communications address be used for the login. To help mitigate the impact, You 
can set up Enterprise Private Numbering plans of variable length including shorter handles, 
as long as they are unique across the Enterprise. 


Configuring Users 

Avaya recommends that you configure each user with two communication addresses: 

1. E.164 International Format 

2. Enterprise Private Numbering Format 


276 Administering Avaya Aura® Presence Services 

Comments? infodev(d>.avava.com 


October 2013 





Adding contacts 


System Manager displays the User Configuration page as follows: 
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O Note: 

Avaya SIP communications address could also be 3035254424 or 13035354424, depending 
on the Enterprise Private Numbering Format that has been selected. 

You must also provision communication addresses for auxiliary systems, such as the 
addresses in Endpoint Profile used by AES and Microsoft OCS (discussed below). 
Provisioning makes the Presence information from these sources available to users. 

In Release 6.0, only a single Communications Profile must be provisioned for a user. Multiple 
Communications Profiles hamper the functioning of Presence and IM for the user. 


Adding contacts 

About this task 

It is important that you add contacts in a fashion that ensures Presence and IM function 
properly. Avaya recommends that you miantain contacts in E.164 format. As the end users do 
not use this format initially, clients can convert other formats to E.164 prior to storing them in 
SMGR. If there is no provisioned E.164 address, then use the Enterprise Private Number 
format. A client determines the acceptance of a format. 

You can add contacts in three different ways. However, all endpoints/clients do not implement 
all three mechanisms: 
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Procedure 

1. Manual entry. The end user types in the information. 

2. Enterprise Directory lookup. The end user enters some details about the contact, 
and the endpoint/client looks in the directory fora matching entry. If a matching entry 
is found, it is added to the System Manager database as a contact for which 
Presence and IM are allowed. If there is no match, then the system disables 
Presence and IM with that contact. 

3. Entry from Call Log. The end user can select a contact from an incoming, outgoing, 
or missed call log and add the contact to the Contact List. The same matching rules 
as described in item (2) are applied to determine if Presence and IM are available 
with the new contact. Note that not all clients support adding contacts from a call 
log. 

When a match is not found in SMGR, then Presence and IM are not available for 
that contact, even if they are present in the System Manager database as a 
provisioned user. The primary reason for not finding a match is the use of different 
number formats. For example, short versus long number strings, use of dialing 
prefixed numbers, and so on. 

Mapping a SMGR user is important when adding a contact from the Enterprise 
Directory. If mapping fails, then the contact is considered to be external, and 
Presence and IM are not available to the user. This mapping typically uses either 
the E.164 communications address or the binary unique identifier found in the 
Directory that has been imported through a directory synchronization or bulk import 
into System Manager. 

In addition to having a match, in Avaya Aura® 6.0 you need to provision a contact 
with a Session Manager Communication Profile (CommProfile) for Presence and 
IM to be available for that contact, even if the contact does not use SIP. This 
limitation is being removed in the Avaya Aura® 6.1. 

Presence Services can provide the Presence of Enterprise users that have 
accounts with Microsoft Office Communications Server (OCS). For this to work, the 
OCS address of the contact must be provisioned in System Manager. This means 
that IM to OCS users who are not provisioned as Avaya Aura® users will not be 
available in this release. 

When a Presence client starts, it assumes it can watch the presence of all members 
on its Contact List. To achieve this, the client subscribes to the User Contact List 
that contains all contacts by sending the list to the Presence Services. When the 
system updates the list with either additions or deletions, Presence Services is 
notified. Presence Services automatically updates the Presence subscriptions, 
closing subscriptions for deleted entries and creating new subscriptions to added 
entries. Depending on the load on the system, modification and deletion of existing 
contacts may take a few minutes to become visible in a client Contact List. 
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Presence and Instant Messaging 

Two major new features in Avaya Aura® 6.0 are the incorporation of aggregated Presence 
information and the ability to send instant messages between users. Presence information is 
aggregated from multiple sources, including hardphones and soft clients that register with 
Avaya Aura® Session Manager through SIP, such as: 

• Avaya one-X® Communicator 

• AES for H.323, DCP, and Analog endpoints 

• Java API 

• Microsoft Office Communicator 2005 and 2007 clients based on OCS 2007 R2 

• XMPP clients based on an XMPP federated server 

Presence information is sent from Presence Services to clients over SIP or through Java API. 
Information is filtered individually for each Watcher (person viewing Presence state of another 
user) / Presentity (the user being watched) pair. The Presence Services clients then render 
the Presence information for various watchers in a client-specific format. For example, Avaya 
one-X® Communicator displays Presence information as follows: 


Administering Avaya Aura® Presence Services 


October 2013 


279 




Configuring users in System Manager to enable Presence and Instant Messaging 
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The left column shows the Presence status of people being watched by the user (Presentity) 
5354425. The icons in the second column from the right show whether a given user is available 
in each modality used by the presentity. For example, Mike Hayter is available for a telephone 
call but not available for either IM or video. If a user is not provisioned in System Manager, 
then the user can avail Presence information nor IM. Similarly, if there are no provisioned e- 
mail addresses, then the system does not display the e-mail icon. Another restriction for the 
6.0 release is that Presence for H.323, DCP, and Analog users can only be seen if those users 
are on the watcher’s Contact List. This includes viewing their Presence state in Call Logs and 
in Directory Searches. 

When an IM session is initiated in Avaya one-X® Communicator, a new window opens that 
shows the contents of the IM: 
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H-i Bob Braudesl 


c 


_ x 


Me [3:31 PM]: 

Hi. are you on the call? 

Bob Braudesl [3:32 PM]: 

Yes, it is an interesting discussion. Should we mention the plans for adding IM 
capability to the GA release 7 

Me [3:33 PM]: 

Yes, l was hoping that you would bring that up and lead any discussions that may 
generated 

Bob Braudesl... 



This works in a manner similar to most IM clients. 

There are a number of different scenarios for IM communication, especially when users logs 
into multiple devices simultaneously. The four scenarios illustrates what the user can expect 
with IM clients logs into the Presence server. 

User A and User B use one client each 

This is the simplest scenario and works in a manner similar to most IM clients. User A’s 
messages appear in User B’s client and User B’s messages appear in User A’s client as shown 
in the Avaya one-X Communicator Chat windows. 
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UserAChatting with UserB 


User B chatting with User A 


# Chat User 8 

O User B 

Me (11:43 AM): 

Heio User B 

User B (11:43 AM|: 

Hi User A 


| + i -X 


© F s? 


# Chat User A 
O User A 

User A (11:43 AM]: 

Heio User B 

Me (11:43 AM): 

Hi User A 


+ ■ - X 


© F # 


User A has single client and User B uses multiple clients 

In this Scenario User B is logged into two clients, such as one-X Communicator and Avaya 
Flare. When User A initiates a chat with user B, the initial message is displayed on both the 
clients. However, once User B responds to the initial chat message, user A’s subsequent 
responses are directed to the client that sent the reply. 
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User A Chatting with UserB 


UserB chatting with User A 





Note that if User B responds to A using his Flare client, User A’s client in turn responds back 
to the Flare client and not the one-X Communicator client as shown in message “D” and “E”. 

User A has multiple clients and User B uses one client 

In this Scenario User A is logged into two clients and User B is logged into one client. In this 
scenario, User A is effectively creating two chat sessions, one is created when User A sends 
the message “A” from the one-X Communicator client and another is created when User A 
sends the message “C” from the Flare client. Even though this results in two chat sessions, 
User B’s one-X Communicator client does not expose those details to User B. 
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When User A continues the chat in the Flare chat window, the system generates a new thread 
ID. This means, for any application that archives the conversations, the conversation from the 
Flare window may appear as a different conversation. 


User A Chatting with UserB 

UserB chatting with User A 
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User A has multiple clients and User B has multiple clients 

In this Scenario, User A is logged into two clients and User B is logged into two clients. Similar 
to the previous scenario, User A is effectively creating two chat sessions, one is created when 
User A sends the message “A” from the one-X Communicator client and another is created 
when User A sends the message “E” from the Flare client. In all cases, User B’s chat sessions 
return messages back to the originator of each individual message. 
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When User A continues the chat in the Flare chat window, the system generates a new thread 
ID. This means, for any application that archives the conversations, the conversation from the 
Flare window may appear as a different conversation. 
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User A's Flare Chat Client 
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User B's Flare Chat Client 
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Appendix C: Configuring the Presence 

server for Avaya one-X® Client 
Enablement Services 


Procedure 

1. Log in to the Presence Services XCP Controller Web interface. 

2. Select the Advanced configuration view. 

3. Add each of the Avaya one-X® Client Enablement Services host names to the Trusted TLS 
host names: 

a. On the Presence Services XCP Controller main page, click Edit next to Global Routing 
Settings. 

b. On the Global Settings Configuration page, scroll down to the Mutually Trusted TLS 
Hostnames section and enter the host names in the Host Filters text box. 

The host names must match the CN value obtained from the root certificate from WAS. 

O Note: 

To obtain the CN name from WAS, select Security > SSL certificate and key 
management > Key stores and certificates > NodeDefauitTrustStore > Signer 
certificates. Enter the FQDN of the Avaya one-X® Client Enablement Services 
machine. 

4. Enter the details for AES Collector: 

a. On the Presence Services XCP Controller main page, click Edit next to AES Collector. 

b. On AES Collector Configuration page, scroll down to the AES Collector Component 
section. 

c. Enter Default AES Username. For example, admin login. 

d. Enter Default AES Password. For example, adminl_password. 

5. Enter the details for RTC Collector: 

a. On the Presence Services XCP Controller main page, click Edit next to RTC Collector. 

b. On the RTC Collector Configuration page, scroll down to the Hostnames for this 
Component section and enter Host(s). 

c. On the RTC Collector Configuration page, scroll down to the RTC Collector 
Component section and enter User Name. 


Administering Avaya Aura® Presence Services 


October 2013 287 


Configuring the Presence server for Avaya one-X® Client Enablement Services 


O Note: 

RTC collector is required only for OCS integration with Presence Services. For more 
details, see Implementing Avaya Aura Presence Services. 

6. To change Log in to PostgressSQL settings log in to the system console of the Presence 
server. 

7. Access the Presence server Command Line Interface through Putty and verify the following 
settings: 

a. Type cd /var/lib/pgsql/data. 

b. In the data directory, use the vi pg_hba.conf command to modify the pg_hba. conf file 
and add the exact IP address ranges with proper masking bit at the end of the file. For 
example, hosts all all 148.147.146.145/32 md5. 

O Note: 

The subnet is that of the one-X Client Enablement Services server. The subnet supports 
communication between one-X Client applications and the Presence server. 

c. In the data directory, use the vi postgresql.conf command to modify the 
postgresql. conf file and set listen_addresses = *. 

d. To restart the postgres sql service, enter service postgresql restart. 

C Note: 

System Manager handles Presence Services on Avaya one-X® Client Enablement Services. 
You can enable Presence Services only for the users who are defined on System Manager. 
Such users are superset of the users who are defined on Avaya one-X® Client Enablement 
Services. Therefore, you can see the presence of a user who is defined only in System 
Manager and not in Avaya one-X® Client Enablement Services. 
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Appendix D: CS 1000 with Presence 

Services 


When you implement Presence Services with CS 1000, you can configure Avaya one-X® Communicator 
to be the watcher as well as allow other system to watch Avaya one-X® Communicator. However, with 
non-Avaya one-X® Communicator phones, such as analog and digital; using Presence, they can be 
watched but cannot be watchers. 

You can now administer CS 1000 using System Manager. Using System Manager Web Console you can 
perform the following tasks to enable Presence Services: 

• Creating a subscriber 

• Creating a Presence account 

• Adding a telephony 


Creating a subscriber 

Procedure 

1. Log in to System Manager Web Console. 

2. On System Manager Dashboard, click User Management. 

The system displays the User Management page. 

3. Click User Management > Manage Users > New. 

The system displays the New User Profile page. 

4. On the Identity tab, enter the following details: 

a. Last Name: Last name of the subscriber. 

b. First Name: First name of the subscriber. 

c. Login Name: Login name of the subscriber. 

d. Password: Password for the subscriber. 

5. On the Communication Profile tab, enter the communication profile password and 
then confirm the communication profile password for the CS 1000 end point user. 

6. In the Communication Address section, click New. 

a. In the Type field, click the type of end point that you want to add. For example, 
Avaya SIP or Avaya E.164. 
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b. In the Fully Qualified Address field, enter the handle and domain details. For 
example, in the Handle field, enter +35311230121. 

c. From the Domain field, select a domain. For example, avaya.com. 

d. Click Add. 

€1 Important: 

You must add at least one SIP/E.164 Handle on the Communication Profile for 
the 1XC-SIP, H.323, Flare, 96xx, SIP and other watchers, to see the presence 
status of a CS1000 user. If you do not add a SIP/E. 164 handle, the system does 
not display the presence status of the CS1000 user on the watchers. 

7. To save the changes, click Commit. 

8. Enter the details of the new subscriber, such as Last name, First name, Employee 
ID, and so on. 

C Note: 

You do not need to fill in all the details except username and domain for Presence 
Services. You may have to fill in other details if one-X Client supports Open LDAP. 
You must fill in the password if you want to synchronize the password of all the 
presence and telephony accounts to the same password for this subscriber. This 
password is not active until password synchronization is done. Once it is done, 
it replaces the existing Communication Profile Password (for example, the default 
Presence Account password) for the Presence Services of this user. The same 
password is also sent to the CS 1000 Call Server to update the UPWD. UPWD 
is the login password for the SIP Line Telephony account. 

9. To save the changes, click Save. 


CS 1000 Presence publisher 

The CS 1000 Presence publisher sends SIP messages to the Presence server whenever there 
is a change in the status of the call for all CS 1000 line phones that do not use XMPP protocol. 
The Presence publisher uses the SIP Publish message to capture the change in the call status 
and sends to the Presence Server which in turn sends the status change using XMPP protocol 
to the one-X client. 
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Configuring Presence publisher 

Procedure 

1 . Log in to System Manager Web Console, click Administrators. 

The system displays the Administrative Users page of the CS 1000 Unified 
Communication Management (UCM). 

2. Under Network, click Elements. 

The Elements page displays the existing elements. 

3. On the Elements page, select the Element Manager (EM) element with element 
type CS 1000. The system displays the System Overview page. 

4. 

5. Under System, click IP Network to open a sub menu. Click Nodes , Servers, and 
Media Cards. 

The system displays IP Telephony Nodes. 

6. Click the node in which you want to configure the Presence publisher. 

The system displays the Node Details page. 

7. To configure Presence publisher, select the Presence Publisher application. 

8. From the IM and Presence server type drop-down list, select the server type. For 
example, Aura PS. 

9. Fill in all the other fields as required. 

10. In the Outbound Proxy server section, you can: 

• Send the SIP publish message directly to the Presence server 

• Send SIP publish message to Session Manager, which in turn routes the 
messages to the Presence server 

11. Fill in the Outbound Proxy settings with the IP address of the Presence Services: 

• If you want to send the SIP publish messages directly to the Presence 
Services. 

• Otherwise, fill in the IP address of the Session Manager if you are using 
Session Manager to route the SIP publish messages. 

12. If you are using Session Manager to route the SIP publish messages, you must 
configure a Presence server SIP Entity and a Session Manager to Presence server 
SIP Linkage in System Manager. 
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For more information on how to do configurations in UCM, see https:// 
support.avaya.com/css/Products/P0715/All Documents 

• Unified Communications Management Common Services Fundamentals Avaya 
Communication Server 1000, Doc ID: NN43001-116 
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Appendix E: Presence Services field 

descriptions 


Field 

Description 

Presence Services name 

Install Presence Services in a different domain from OCS. 
This allows for federation between OCS and Presence 
Services. 

If you plan on installing the RTC Collector for Microsoft 
Office Communicator Server (OCS), then your Presence 
server needs to be in a different domain or subdomain of 
the enterprise domain in which the OCS Server is 
present. 

This needs to be resolvable by a DNS SRV record. 

O Note: 

Presence Services must have a static IP address. Do not 
attempt to dynamically assign IP address through 
Dynamic Host Configuration Protocol (DHCP) as this 
may cause the system to become unstable in the 
future. 

Presence Services must also have an FODN assigned 
to it. 

System Manager Configuration settings 


System Manager Host 

PANTHERHOST 

0 Note: 

The host name is required here (not the IP address) for 
certificate validation purposes. You must also ensure 
that you can access the System Manager server. For 
example, using the ping command from either side or 
DNS lookup. For a template installation from CDOMO, 
the System Manager must be running at the time of 
Presence Services installation, because the installer 
attempts to register the new Presence Services instance 
and get a new certificate for it. 

If you are not using DNS server, you must make 
additional entries to /etc/hosts field. 

Web Services Port. 
PANTHER_WS_PORT 

System Manager Web Services Port 

Port used by System Manager to expose its Web Services- 
defaults to 443 
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Presence Services field descriptions 


Field 

Description 


The port matrix table makes sure that all these port 
numbers are valid. The default values can be accepted as 
they appear. If you have changed these values in System 
Manager then you need to make sure that these values 
here match them. The port matrix table is available at 
https://enterpriseportal.avava.com/ptlWeb/qetfile? 

doclD=MTAwMDkzNzE3. Please contact vour Avava 
Support Representative for information. 

0 Note: 

This is a numeric value and the system displays this 
default value automatically. 

Naming Service Port. 
PANTHER_NAMING_PORT 

System Manager Naming Service Port 

Port used by System Manager to expose its Naming 
Service -defaults to 1399 

O Note: 

This is a numeric value and the system displays this 
default value automatically. 

System Manager Login 
PANTHER_LOGIN 

System Manager Login 

The System Manager administrator login name used by 
System Manager to get access to its services 

0 Note: 

You can use the system/system username in System 
Manager, or you can create a Presence-specific 
username on System Manager with administrator 
privileges. 

Password 

PANTHERPASSWORD 

The System Manager 

The password associated with the System Manager Login 
name 

Secure Connection 

PANTHER_SECURE 

Set to true to enable System Manager secure connections, 
or false to disable 

Presence Services Configuration settings 

Router Service Name 
ROUTER_SERVICE_NAME 

0 Note: 

Ensure that the value you enter for the 
ROUTER_SERVICE_NAME field is in 
small case. 

Router Service Name 

This is the domain used internally by Presence Services 
under which user presence is aggregated. 

Using the data substitution rule, Presence Services 
converts a user's ID in System Manager to a valid ID in 
Presence Services. The conversion happens as explained 
in the example here: 
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Field 

Description 


For example, if you have a user Jane Doe working for a 
company "example" then her user log-in could be 
janedoe@example.com in System Manager. 

• Jane Doe's company domain: example.com 

• Jane Doe's user login in System Manager: 
janedoe@example.com 

• In the Presence Services domain 
(ROUTER_SERVICE_NAME): presence.example.com. 
Jane Doe’s ID in Presence Services will be: 
janedoe@presence.example.com. 

As a system administrator, ensure that you set the domain 
substitution rule in System Manager. To do this, navigate 

to Elements > Presence > Configuration and change the 
value: 

• From @ 

• To @presence. 

O Note: 

Notice that there is a dot after the word, presence. 

Router Realm 

ROUTERREALM 

Router Realm 

A unique name (within the cluster) of Presence Services 
instance - defaults to presence 

For more information, see Load Balancing. 

The Realm is a unique string used to identify the router and 
all of its components. The realm was supplied during 
installation. If necessary, you can change the realm after 
you have installed the server. To do this, you must change 
the realm’s setting in the Global Settings Configuration 
screen and in the web-cm.xml file. 

Router Cluster 

ROUTERCLUSTER 

Router Cluster 

The name of the cluster to which Presence Services 
belongs - defaults to clusterl 

O Note: 

The Cluster, specified during installation, is a unique 
string that identifies your XCP server installation. 
Clusters enable the server to use dynamic routing in 
high-scale installations where multiple XCP core routers 
are required. All of the routers that need to interact must 
be in the same cluster, and must be installed on the 
same network subnet. If necessary, you can change the 
cluster after you have installed the XCP server. To do 
this, you must change the cluster’s setting in the Global 


Administering Avaya Aura® Presence Services 


October 2013 


295 







Presence Services field descriptions 


Field 

Description 


Settings Configuration screen and in the web-cm.xml 
file. 

Server IP Address 

IP_ADDRESS 

Server IP Address 

IP address of Presence server - defaults to current IP 
address. If it is xxx.xxx.xxx.xxx, change to a valid IP 
address. 

Collector/Distributor Support 
PS_CONTAINER_ENABLE 

Enables the Presence container. The container is required 
to support Presence collectors, distributors and other 
associated components. Disabling this components is 
effectively an XCP only installation, and most other 
components on this panel will automatically be disabled - 
defaults to true 

Set to true to enable Collector/Distributor support, or false 
to disable 

Session Manager Integration 

Adds integration with the Avaya Aura® Session Manager 
Set to true to enable Session Manager integration, or false 
to disable. 

The default is true in the graphical installation and false in 
the template installation. 

SIP Client Support 
SIPCLIENTSUPPORTENABLE 

Enables access from Avaya SIP clients through SIP PS 
component 

Set to true to enable SIP client support, or false to disable 
The default is true in the graphical installation and false in 
the template installation. 

XMPP-IM Functionality 

Set to “true” to enable, or “false” to 
disable. 

XMPP_IM_ENABLE 

Enables the XMPP functionality for clients, such as, Avaya 
one-X Communicator, Avaya 96x1 deskphones 

Set to true to enable XMPPIM functionality, or false to 
disable 

The default is true in the graphical installation and false in 
the template installation. 

Load Balancing Support 

Set to “true” to enable, or “false” to 
disable. 

Enables the Load Balancing support 

Set to true to enable Load Balancing, or false to disable 
The default is true in the graphical installation and false in 
the template installation. 

AES Collector Component 

Enables the Application Enabled Services (AES) collector 
Set to true to enable the AES Collector, or false to disable 
The default is true in the graphical installation and false in 
the template installation. 

Set to true if you would like to collect presence information 
from non-SIP phones, such as, H323 and DCP telephones 
and SIP telephones administered as OPTIM extensions, 
through an AES connected to a Connection Manager. 

SES Collector Component 

Enables the SIP Enabled Services (SES) collector 
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Field 

Description 


Set to true to enable the SES Collector, or false to 
disable. 

Set to true of you would like to collect presence information 
from legacy SIP phones through SES. 

RTC Collector Component 

Enables the Real-Time Communications (RTC) collector 
Set to true to enable the RTC Collector, or false to 
disable. 

Set to true if you would like to collect presence information 
from Microsoft Office Communicator clients through the 
OCS Edge server. 

XMPP Collector Component 

Enables the Extensible Messaging and Presence Protocol 
(XMPP) collector 

The default is true in the graphical installation and false in 
the template installation. 

Set to true if you would like to collect presence information 
from another XMPP server. The XMPP servers in turn 
would connect to Instant Messaging (IM) clients such as, 
Google Talk or Gajim. 




Note: 

The installer does not display configuration pages for components that are disabled on Presence 
Services Configuration panel. If you enable a component on the Presence Services Configuration 
panel, an appropriate component configuration panel is displayed. 


Available XMPP-IM Components Setting 


SIP Gateway for OCS 

Enables the SIP Gateway to communicate with the Office 
Communications Server (OCS) collector. 

Set to true to enable the SIP Gateway for OCS to get 
presence information from OCS IM federation between the 
Avaya clients such as, Avaya A175 Desktop Video Device 
or Avaya one-X Communicator to Microsoft Office 
Communicator clients based on OCS 2007/R2. 

Ensure that you can access the OCS server. For example, 
using the ping command from either side or DNS lookup. 
The operating system should be able to convert the host 
name to an IP address. 

Ensure that you can access the OCS clients. For example, 
using the ping command from either side or DNS lookup. 
The operating system should be able to convert the host 
name to an IP address. 

The default is true in the graphical installation and false in 
the template installation. 

Message Archiver Component 
MSG_ARCHIVE_ENABLE 

Enables a component that archives IM messages 

Set to true to enable the IM archiver, or false to disable 
The default is true in the graphical installation and false in 
the template installation. 
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Field 

Description 

IM Transcripts Component 

Enables the Instant Messaging (IM) Transcripts 
component. This is used to read the archived messages 
Set to true to enable the IM transcripts, or false to disable 
The default is true in the graphical installation and false in 
the template installation. 

0 Note: 

The IM Transcripts component is only available if the 
Message Archiver has been enabled. 

If you set this to false after selecting the Message 
Archiver Component then the system will archive your 
messages but you will not be able to access them from 
the IM Transcripts Web server. 

Session Manager Configuration Setting 

The Session Manager Configuration Panel is displayed only if Session Manager Integration is enabled 
on the Presence Components panel. 

Session Manager Addresses 
SESSION_MANAGER_HOST 

The IP address of the Session Manager server. 

Enter a valid Session Manager Asset IP address. You can 
add multiple Session Managers using comma-separated IP 
addresses. 

AES Component Configuration Setting 

The AES Configuration Panel is displayed only if the AES Collector is enabled on the Presence 
Components panel. 

inclAES 

Set to true to enable the AES Collector, or false to 
disable. 

AES Login 

AESUSERNAME 

AES Login 

The universal login for AES servers. 

You must be a CTI User in AES with “Unrestricted 

Access”. 

AES Password 

AESPASSWORD 

AES Password 

The universal password to for AES servers 

0 Note: 

Configuring Presence Services for multiple AES hosts is 
easier if all of the hosts support the same user name and 
password for Telephony Server Application 
Programming Interface (TSAPI) access. If this is not 
possible, pick one of the user name/password pairs to 
use with the installation and then configure the rest after 
installation. See the XCP help pages for more 
information. 

SES Component Configuration Setting 
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Field 

Description 




The SES Configuration Panel is displayed only in the Advanced Mode if the SES Collector is enabled 
on the Presence Components panel. It is not displayed in the Standard Mode as all of the default values 
can be safely accepted. 

If you set SES Collector to false, do not edit the attendant default values in the template installation. 


incISES 

Set to true to enable the SES Collector, or false to 
disable. 

SES Transport 

SESTRANSPORT 

SES Transport is either tcp or tls. 

The transport used for connection to SES Server - defaults 

to tls. 

0 Note: 

TCP is only acceptable for tests environments and early 
integration. TLS should be used for PS working in the 
Enterprise environment. 

SES Port 

SESPORT 

SES Port. A numeric value 

The port to listen for connections from SES - defaults to 
35060. 

O Note: 

Enter the port that the component uses for 
communications. If SIP Proxy is not configured for SES 
SIP traffic then the default choice is 35060. 

RTC Component Configuration setting 



The RTC Configuration Panel is displayed only if the RTC Collector is enabled on the Presence 
Components panel. 

If you set RTC Collector to false, do not edit the attendant default values in the template installation 


incIRTC 

Set to true to enable the RTC Collector, or false to 
disable. 

RTC Edge 

RTCEDGE 

Edge FQDN 

The host name of the RTC Edge server. A valid server 
name on which you have the RTC Collector installed. 

O Note: 

A host name is required here (not the IP address) for 
certificate validation purposes. 

Ensure that you can access the RTC Edge server. For 
example, using the ping command from either side or DNS 
lookup. The operating system should be able to convert the 
host name to an IP address. 

RTC SIP Domain 

RTC_SIP_DOMAIN 

RTC SIP Domain 

This is the sip domain used by RTC servers. For example, 
if you login to RTC Client with user@ms.com, then the sip 
domain is “ms.com”. 
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Field 

Description 


Ensure that you can access the Microsoft OCS clients. For 
example, using the ping command from either side or DNS 
lookup. The operating system should be able to convert the 
host name to an IP address. 

RTC Collector User Name 
RTCJJSERNAME 

RTC Collector User Name 

The federated user name that is used to subscribe for RTC 
presence. This user’s domain should not be the RTC SIP 
Domain defined above. 

Federated user name for collecting presence 

RTC Collector Port 
RTCCOLLECTORPORT 

RTC Collector Port. A numeric value. 

The port used by RTC collector SIP stack - defaults to 
45061. 

SIP Gateway for OCS Configuration setting 

The SIP Gateway for OCS Panel is displayed only if the SIP Gateway for OCS component is enabled 
on the XMPP-IM Components panel. 

If you set the SIP Gateway for OCS component to false, do not edit the attendant default values in the 
template installation. 

inclOCS 

Set to true to enable the SIP Gateway for OCS , or false 
to disable. 

OCS Edge 

OCSEDGE 

OCS FODN 

The hostname of the OCS Edge server. 

0 Note: 

A host name is required here (not IP address) for 
certificate validation purposes. 

Ensure that you can access the OCS Edge server. For 
example, using the ping command from either side or DNS 
lookup. The operating system should be able to convert the 
host name to an IP address. 

OCS SIP Domain 
OCS_SIP_DOMAIN_ENTRY 

OCS SIP Domain 

This is the sip domain used by OCS servers. For example, 
if you login to your Office Communications Client with 
User@ms.com, then the sip domain is “ms.com”. 

OCS SIP Port 

OCSSIPPORT 

OCS SIP Port. A numeric value. 

The port used by the SIP stack - defaults to 65061. 

O Note: 

Systems that have both an OCS Gateway and an RTC Collector enabled usually use a common 
Edge and Domain. In this case the RTC Edge is the same as the OCS Edge and the RTC SIP 
Domain is the same as the OCS SIP Domain. 

XMPP Component Configuration setting 
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Field 

Description 




The XMPP Configuration Panel is only displayed if the XMPP Collector component is enabled on the 
Presence Components panel. 

If you set XMPP Collector Component to false, do not edit the attendant default values in the template 
installation. 




incIXMPP 

Set to true to enable the XMPP Collector, or false to 
disable. 

XMPP ID 

XMPPID 

XMPP ID 

This is unique internal id for this XMPP server configuration. 
There are no restrictions on this field as it is used for 
identification only. 

XMPP Domain 

XMPPDOMAIN 

XMPP Domain 

XMPP domain as configured on the XMPP server 

The operating system should be able to convert the 
hostname to an IP address. Ping to reach the XMPP server 
from the Presence server or use a DNS look-up. The value 
for the XMPP domain must be different from your SIP 
domain. For example, pres example.com if your SIP 
domain is example.com. 

XMPP Host 

XMPPHOST 

The IP address or the host name of the XMPP server. 
Ensure that you can access the XMPP server. For example, 
using the ping command from either side or DNS lookup. 
The operating system should be able to convert the local 
host name to an IP address. 

XMPP Username 

XMPPFEDUSERNAME 

XMPP Username 

The name of the federated XMPP user. This user must be 
configured at the XMPP server and have sufficient 
privileges to monitor presence of all other users in the 
system. 

XMPP Password 

XMPPFEDPASSWORD 

XMPP Password 

The password associated with the federated XMPP user. 

XMPP Port 

XMPPPORT 

XMPP Port. A numeric value. 

Port that the XMPP server listens on for incoming 
connections - defaults to 5222. 

Presence Class 

IST_PRESENCE_CLASS 

Presence class used for conversion from pidf document. 
Valid settings are: Phone, Calendar, Avaya IM <Jabber>, 
Internet IM, Enterprise IM, Avaya Application, and Line 
of Business (LOB) Application. 

You do not need to manage the classes here. Refer to the 
Administering Presence Services guide for more 
information. This guide is available from 
support.avava.com. 

Load Balancing Configuration setting 
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Field 

Description 

The Load Balancing Configuration Panel is displayed only if the Load Balancing 2 component is 
enabled on the Presence Components panel. 

If you set Load Balancing 2 component to false, do not edit the attendant default values in the template 
installation. 

LOADENABLE 

Set to true to enable Load Balancing, or false to disable 

First JSM 

LOAD_JSM_1 

These parameters form a list of JSM (Presence Session 
Manager) IDs that form a cluster. 

Typical JSM IDs are jsm-I.eupresence, 
sm-l.uspresence or jsm-l.apacpresence. If load 
balancing is enabled, then at least one JSM must be 

Second JSM 

LOADJSM2 

Third JSM 

LOADJSM3 

defined; additional JSMs are optional. (LOAD_JSM 1, 
LOAD JSM 2, LOAD JSM 3, LOAD JSM 4, 

LOAD JSM 5, LOAD JSM 6) 

Fourth JSM 

LOAD_JSM_4 

Fifth JSM 

LOAD_JSM_5 


Sixth JSM 

LOADJSM6 


0 Note: 


Additional JSMs can be added after the Presence Services has been installed. 

IM Transcripts Component setting 

The IM (Instant Messaging) Transcripts web service component provides the web service interface. 
Third-party components use this interface to retrieve details of archived IM messages from the central 
presence database. 

The IM Transcript Panel is displayed only in the Advanced Mode if the IM Transcripts is enabled on 
the XMPP-IM Components Panel. It is not displayed in the Standard Mode as all of the default values 
can be safely accepted. 

If you set IM Transcripts to false, do not edit the attendant default values in the template installation. 

IM_ENABLE 

Set to true to enable the IM Transcripts, or false to disable 


0 Note: 


The IM Transcripts web service can be installed using 
only default parameters. 

Database User Name 

IMJJSERNAME 

The database user name used to read IM Transcript 
records - defaults to xcp_user 

Database Password 

IMPASSWORD 

The password associated with Database user name - 
defaults to jabber 

Local Presence Database Configuration setting 
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Field 

Description 




The Local Presence Database Configuration Panel is displayed only in the Advanced Mode. It is not 
displayed in the Standard Mode as all of the default values can be safely accepted. The template 
installation displays all fields. 


Password 

DBPASSWORD 

Password 

The database login password - defaults to presence123 

Host 

DBHOST 

Host 

The machine that is used to host the local database - 
defaults to localhost 

Port 

DBPORT 

Port. A numeric value. 

The port used to connect to the local database - defaults 
to 5432 

Database Name 

DBNAME 

Database Name 

The name of the database instance used for the user data 
- defaults to presence 


Data Replication Service Configuration setting 


The Data Replication Panel (which defines data is copied from System Manager to the local database) 
is displayed only in the Advanced Mode. It is not displayed in the Standard Mode as all of the default 
values can be safely accepted. 




External ID 

REPLICATIONEXTERNALID 

External ID 

Unique external id for data replication. This ID must be the 
fully qualified host name of the Presence server. 

Node Group ID 

REPLICATIONNODEGROUPID 

Node Group ID 

Data Replication Node Group ID 

The id of the replication group - defaults to “psreplica” 

Local JMX Port 

REPLICATIONLOCALJMXPORT 

Data Replication Local JMX Port 

Local JMX port to be used by the local Replication service 
- defaults to 2009 

Master JMX Port 

REPLICATION_MASTER_JMX_PORT 

Data Replication Master JMX Port 

JMX port of the Master Replication service System 
Manager server - defaults to 2009. 

The local JMX Port and the Master JMX Port exchange 
information. For example, they exchange presence status 
information on System Manager. 

O Note: 

The JMX Port is the port used by the Java Management 
Extensions framework. The local replication service is 
the client side and the Master replication service the 
server side of the Data Replication Service provided by 
System Manager. 

Both the Local and Master JMX Ports should have the 
same value as the value of “drs.local.jmx.port”property 

in “$ JBOSS HOME/server/avmgmt/deploy/ 
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Field 

Description 


symmetricds.war/WEB-INF/classes/ 
symmetric . properties” file on the System 
Manager server. 

Polling Interval (ms) 
REPLICATIONPOLLINTERVAL 

Polling Interval (ms). A numeric value. 

The time interval, in milliseconds, between polls for data 
changes - defaults to 5000 

0 Note: 

The fully qualified host name of the Presence server as provided in the External Id parameter. The 
System Manager server must be able to access the Presence server. For example, using the ping 
command from either side or DNS lookup. The operating system should be able to convert the host 
name to an IP address. 

Licensing Service Configuration service 

The Licensing Configuration Panel is displayed only in the Advanced Mode. It is not displayed in the 
Standard Mode as all of the default values can be safely accepted. 

Polling Interval for license updates 

The time interval, in seconds, for polling for licence updates 

- defaults to 300 

(LICENSINGPOLLINTERVAL) 

Polling interval for license renewal 

The time interval, in seconds, for polling for licence 
renewals - defaults to 300 
(LICENSINGRENEWINTERVAL) 

SAL Logging Service Configuration setting 

SAL Organization FODN Name 

SPIRIT.FCDN 

This value must match the SAL Organization fully qualified 
domain name (FODN) on the System Manager server 

O Note: 

A trailing dot (.) is required at the end of the this field. 

SAL Platform Gualifier Name 

SPIRIT.platformqualifier 

This value must match the SAL Platform Qualifier name on 
the System Manager server 

SAL Organisztion FQDN Name - with trailing dot (V) 

The SAL Organization FQDN Name and SAL Platform 
Qualifier Name values must match the values on the setting 
on the System Manager server. To obtain these values log 
into the System Manager GUI and select System Manager 
Data > Settings > SPIRIT > DataTransportConfig. 

0 Note: 

The SAL Organization FODN Name and SAL Platform Oualifier Name values must match the values 
on the setting on the System Manager server. To obtain these values log into the System Manager 
GUI and select System Manager Data > Settings > SPIRIT > DataTransportConfig. 

Trust Management Service Configuration setting 
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Field 

Description 

Enrollment Pasword 

SCEPPASSWORD 

This is the simple certificate enrollment password provided 
for Presence servers 

© Note: 

This System Manager enrollment password must not 
have expired. 

0 Note: 

The Enrollment Password value must match the password on the System Manager server. To 
obtain this value log into the System Manager GUI and select Security > Certificates > Enrollment 

Password > End Etity Profiles. The End Entity Profiles value must match the System Manager 
server. To see the available profiles log into the System Manager GUI and select Security > 
Certificates > Authority > Edit End Entity Profiles. 

© Important: 

Presence Services does not get installed if the enrollment password contains a dollar ($) sign. 

End Entity Profiles 

TM_SCEP_PROFILE 

Avaya recommends that Presence Services users only use 
the INBOUND OUTBOUND TLS profile - defaulted to 
INBOUND_OUTBOUND_TLS 

End Entity Profiles. Valid settings are: 

INBOUND OUTBOUND T LS, OUTBOUND TLS, 
INBOUNDTLS, and EMPTY. 

Transport Layer Security (TLS) is the definition of the 
security layer between Presence Services and System 
Manager. System Manager only supports 
"INBOUND OUTBOUND _TLS" in this release. 

Summary Panel 

The Summary Panel reminds which packs to install and to 
what location. If you do not want to install Presence 
Services, then click Quit button. 

Installation Panels 

The Installation Panels show you how the installation is 
progressing. This information is written to a log file 
at: /opt/Avaya/Presence/. If for some reason the 
installation fails, this file contains useful diagnostic 
information. The installation typically takes about 25 
minutes, depending upon the components that need to be 
installed, hardware, and network performance. 

Installation Summary Panel 

The Installation Summary Panel is displayed when the 
installation is complete. You are prompted to install the 
Presence Services License to System Manager before 
continuing. You will also be able to open the XCP home 
page. When you click on the Done button the silent 
installation files are written to /opt/Avaya. 
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Appendix F: Sample deployment 

configurations 


RTC Collector configuration worksheet 

The following table outlines a set of parameters that you must know before enabling an RTC 
collector: 


Configuration parameter 
Name 

Parameter value 

Default value presented on the 
configuration screen 

User Name 



PS SIP Domain 10 


The service router name configured 
during the installation 

Transport 


TIs 

Port 


45061 

Expires 


86400 

Subscription Failure retry 


3600 

Server Failure retry 


3600 

Static Routes 11 


<OCS DomainxIP address of 
Presence Services><Port> 

SIP SUBSCRIBE Contact 
FODN 12 


- 


10 The system provides the Presence Services domain by default for this parameter. This equates to the Service Router 
Name that the system provides at the time of the Presence server installation. 

11 The static route configures the next hop destination for the SIP SUBSCRIBE. The next hop should be SIP Proxy. The 
system presents the IP address of Presence Services and the port 5061 by default for this parameter. The system 
administrator must complete this static route by preceding these two entry values with the OCS domain, for example, if 
the IP address of your Presence Services is 135.64.22.133 and the OCS domain is ipsdemo.com, then 135.64.22.133 
5061 appears in the static route. Complete the static route by adding ipsdemo.com before the IP address to give a 
configuration of ipsdemo.com 135.64.22.133 5061. 

12 Select the “Define an optional external contact for SIP server to contact the RTC Collector” check box and then fill in the 
two associated configuration parameters: External host name that SIP server uses for contact and External port that SIP 
server uses for contact, with the FQDN of the Presence server and the port 5061 respectively. These values set the Contact 
header in the SIP SUBSCRIBE, which uses as the request URI in the NOTIFY request sent by the OCS server. The 
objective is that the system uses Contact address as the NOTIFY R-URI by the OCS server. 
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Configuration parameter 
Name 

Parameter value 

Default value presented on the 
configuration screen 

SIP SUBSCRIBE Contact Port 


- 


OCS Gateway configuration worksheet 

The OCS Gateway configuration worksheet identifies the set of configuration parameters that 
are when you enable an OCS Gateway. It is important that you know the values for the following 
parameters before starting the configuration process. 


Configuration 
parameter Name 

Parameter value 

Default valued presented on the 
configuration screen 

OCS Domain 



PS SIP Domain 13 


The service router name configured during 
installation, for example, 
pres.ipsdemo.com. 

Transport 


tls 

Port 14 



Expires 


86400 

Subscription Failure 
retry 


3600 

Server Failure retry 


3600 

PS IP address 



SIP Proxy Port 15 



PS server FODN 



SIP SUBSCRIBE 
Contact Port 16 



TLS keystore full file 
path 17 




13 The Service Router Name solicited during the installation process is the Presence Services presence domain. 

14 The system provides a default port, 5061. You must change this port to a free port, typically to 65061. The convention for 
backend SIP servers is to use 5061 with an integer value from the set 1,2,3,4,5,6 prepended to create the port. Note that 
any value greater than 6 pushes the port value beyond the acceptable range of TCP ports. 

15 The SIP Proxy port is 5061. 

16 The contact port should be that of the SIP Proxy, that is 5061. 

17 Currently, TLS keystore full file path is / opt/Avaya/Presence/ jabber/xcp/certs/ 
generic.pem. j abber 
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OCS Gateway configuration worksheet 


Configuration 
parameter Name 

Parameter value 

Default valued presented on the 
configuration screen 

TLS trust store full file 
path 18 




18 Currently, TLS trust store full file path is /opt/Avaya/Presnce/j abber/xcp/certs/ 
generic.trusts 
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Appendix G: Process flow of a SIP Subscribe 

from the RTC Collector to 
Presence Services 


Initiating a SIP subscribe from the RTC Collector to an OCS 
server 


During the Presence Services installation, the Presence server interacts with System Manager 
to retrieve users and system level data. This data is stored in a local database, known as 
presence database. The user data that the Presence Services system retrieves from the 
presence database includes the communication handle of a user. For the RTC Collector to 
monitor and retrieve the OCS IM communication status of a user, then an RTC handle 
associated with an Aura user should be provisioned in System Manager. The RTC handle is 
instrumental in the retrieval of the OCS presence state of a user. When you enable and activate 
an RTC Collector, the RTC Collector obtains RTC handles provisioned for the Presence 
Services users. The system then subscribes for the user's OCS presence using this handle. 
The following flow describes a successful subscribe request: 

• RTC Collector is activated. 

• RTC Collector reads configuration. 

• RTC Collector initializes SIP stack. 

• RTC Collector sets up RTC Subscriber User (RTC User and the Presence Services SIP 
Domain parameters). 

• RTC Collector creates presence fragment initialized to unknown presence. 

• RTC Collector publishes initial presence fragment to ESC for aggregation and 
composition. 

• RTC Collector creates SIP SUBSCRIBE using To address equal to RTC Handle of the 
user. 

• RTC Collector sends SUBSCRIBE. 

• SIP Proxy receives outbound SIP SUBSCRIBE to OCS. 

• SIP Proxy applies SIP routing rules to ocs-domain from ps-domain. 

• SIP Proxy resolves ocs-domain to OCS Edge server. 
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Process flow of a SIP Subscribe from the RTC Collector to Presence Services 


• SIP Proxy sends SIP SUBSCRIBE to OCS Edge server. 

• OCS Edge server authenticates PS server and resolves OCS server for the OCS user. 

• OCS server receives SIP SUBSCRIBE and sends a response. 

• RTC Collector receives response and updates the subscribe state. 

• OCS server delivers SUBSCRIBE request to a MOC user. 

• MOC user authorizes request. OCS server sends SIP NOTIFY to OCS Edge server. 

• OCS Edge server sends SIP NOTIFY to Presence Services SIP Proxy. 

• SIP Proxy applies route rules for NOTIFY and To RTC Collector system user. 

• RTC Collector receives NOTIFY. 

• RTC Collector processes OCS PIDF body of NOTIFY extracts status, activities and 
publishes to ESC for aggregation. 

• Presence Services Compositor creates a new composite PIDF presence document and 
applies Availability Calculation for a user. 

• Presence Services distributes new composite PIDF presence document to authorized 
watchers. 

• Presence Services sends SIP NOTIFY to SIP based watcher clients. 

• Presence Services sends XMPP presence with embedded PIDF presence document to 
XMPP based watcher clients. 

The presence that the system obtains from OCS through the RTC Collector is aggregated as 
a part of a composite presence for an Avaya Aura® user. This presence is made available to 
any authorized Avaya Aura® subscribing user or watcher. Aura users make a subscription for 
presence by subscribing to their resource list. This occurs when an Avaya Aura® user adds 
another Avaya Aura® user as a (user level) contact and sets the buddy flag for the contact. 
This flag indicates that the owner of the contact wishes to make a presence subscription to 
this contact. Once the system authorizes the subscription, the Presence server sends the 
composite presence for that contact to the subscribing user in a SIP NOTIFY. The composite 
presence document contains OCS presence of the contact user. 


The SIP OCS Gateway component 


Inbound requests 

The inbound requests originate from the OCS/Lync and route through the OCS/Lync Edge 
server and the Presence Services SIP Proxy. The Presence Services SIP Proxy is instrumental 
in directing SIP requests from the OCS/Lync system to the OCS Gateway. You can achieve 
this through the routing rules defined in SIP Proxy. Inbound SIP requests are subject to routing 
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The SIP OCS Gateway component 


rules, which are defined on the To and From headerfields of a SIP request. The inbound routing 
rules directs certain SIP requests originating from an OCS/Lync system to the OCS 
Gateway. 


Outbound requests 

The outbound requests are the SIP requests that the system initiates as a result of Avaya Aura® 
client initiated requests destined for an OCS/Lync enterprise user. These requests are 
processed by Presence Services and are routed internally through the OCS Gateway. In the 
current Presence Services implementation, these requests are XMPP requests that originates 
from an Aura client. 

For example, an Avaya Aura® enterprise user logged on a 1XC-H.323 or 1XC-SIP client can 
click on a user in their contact list and initiate an IM with that peer enterprise user. The 1XC 
clients then indicates that the target user has two IM addresses: an Avaya Aura® XMPP handle 
and an OCS/Lync handle. If the initiating user selects the OCS/Lync handle, then the Avaya 
Aura® client sends an XMPP IM message to Presence Services and then Presence Services 
routes this IM message internally through the OCS Gateway. This is because the system 
configures the OCS Gateway to handle communications with the OCS/Lync domain and the 
address used in the request contains the OCS/Lync domain. 

Outbound SIP requests route through a SIP Proxy of Presence Services, then to the OCS/ 
Lync Edge, and then into the OCS/Lync server. The SIP communication is based on a 
federated deployment of Presence Services with OCS/Lync. The configuration on OCS/Lync 
Edge is for federated inter-working. Therefore, you must configure Presence Services for 
federation as an IM provider on the OCS/Lync Edge server. 

Additionally, to establish TLS communications and achieve server authentication, it is 
necessary that the CA TLS/SSL certificate of the Certificate Authority, which signed the 
TLS/SSL certificates of Presence Services and OCS/Lync Edge, are imported into each of the 
trust stores on Presence Services and the OCS/Lync Edge respectively. With the appropriate 
Presence Server Host records and SRV records configured in the DNS service associated with 
the OCS/Lync Edge and the OCS/Lync server, you establish this trust relationship. 

Use the following domains as an illustration: 

• The PS domain is pres.ipsdemo.com 

• The OCS/Lync domain is ipsdemo.com 

• The PS server FQDN is ipsdemo-ipsl .ipsdemo.com 

• The OCS/Lync Edge server external FQDN is ipsdemo-winsrv2.glob.ipsdemo.com 

• The OCS/Lync server is ipsdemo-winsrvl .glob.ipsdemo.com 

If you are enabling the OCS Gateway during installation, then you must know the appropriate 
values for the following parameters on the Presence server: 
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• OCS/Lync Edge: The external FQDN of the OCS/Lync Edge server, for example, 
ipsdemo-winsrv2.glob.ipsdemo.com 

• OCS/Lync SIP domain: The OCS/Lync domain, for example, ipsdemo.com 

•OCS/Lync SIP Port: 65061 

These parameters set up the OCS Gateway configuration together with the default settings for 
non-solicited parameters. You can also use these parameters to configure the OCS Gateway 
routing rules in the SIP Proxy. 

The SIP Proxy plays an integral part in the processing of a SIP request that the system sends 
to the OCS/Lync server and in handling the SIP requests received from the OCS/Lync server 
to Presence Services. You must define routing rules in the SIP Proxy, which routes SIP 
requests to their appropriate destination servers. Two rules govern the flow of SIP requests to 
and from OCS/Lync: 

• The outbound SIP (SUBSCRIBE, INVITE, ACK, NOTIFY) requests from Presence 
Services to OCS/Lync have a rule which specifies that if the To header is set to the OCS/ 
Lync domain and if the From header is from the Presence Services domain, then you 
must apply the default SIP routing rule. 

• The inbound SIP (SUBSCRIBE, INVITE, ACK, NOTIFY) requests have a rule which 
specifies that if the To header contains the Presence Services domain and the From 
header contains the OCS/Lync domain, then the request is to be routed to the OCS 
Gateway. 

• The default SIP routing rules determine the destination IPS address of the target domain. 
This requires the configuring of a Host mapping in the Proxy. This Host mapping maps 
an OCS/Lync domain to the external FQDN of the OCS/Lync Edge server. The external 
FQDN of the OCS/Lync edge server must be resolvable and requires an entry in the /etc/ 
hosts file. 


Initiating a SIP SUBSCRIBE from the OCS server to 
Presence Services 

A SIP SUBSCRIBE is initiated from the OCS server to an Avaya Aura® user when the OCS 
user adds the presence handle of an Avaya Aura® user to their buddy list. Following are the 
possible scenarios: 
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• Scenario 1: Avaya Aura® user is logged on the SIP client and the pending subscription 
notified in watcher information. 

• Scenario 2: Avaya Aura® user is logged on an XMPP client (1XC-H323), and the pending 
subscription delivered in an XMPP subscribe packet. 

• Scenario 3: Avaya Aura® user is logged on a legacy phone, and the pending subscription 
remains pending as the end user will not receive a notification of the pending 
subscription. 

Avaya Aura® user is logged on the SIP 1XC client 

• MOC/Lync user adds a presence handle of an Avaya Aura® user to the buddy list. The 
handle contains the Presence Services domain. 

• OCS server sends SIP SUBSCRIBE from an OCS user to the presence handle of the 
Avaya Aura® user. 

• DNS resolution routes the SIP SUBSCRIBE to OCS Edge server. 

• OCS Edge server resolves the Presence Services domain to the Presence server host. 

• OCS Edge sends SIP SUBSCRIBE to the Presence server (SIP Proxy). 

• SIP Proxy authenticates the OCS Edge server during the TLS session creation. 

• SIP Proxy receives SIP SUBSCRIBE from OCS-domain to Presence Services-domain. 

• SIP Proxy applies routing rules and forwards SIP SUBSCRIBE to OCS Gateway. 

• OCS Gateway sets up SIP session and sends 200 OK response. 

• OCS Gateway internalizes the SIP SUBSCRIBE to an internal XMPP subscribe. 

• Presence Services processes subscribe and sets up pending roster subscription. 

• Authorization Manager checks ACLs, but as the From address is not an Avaya Aura® 
user, Authorization Manager checks the Federation Domain configuration. Subscribe is 
treated as CONFIRM and requires explicit user authorization. 

• SIP Presence Services sends NOTIFY presence.winfo to Avaya Aura® SIP client with 
pending subscription. 

• SIP Presence Services sends NOTIFY through Session Manager, using the Route Set 
created. 

• SIP clients authorizes the subscribe using PUBLISH presence.wauth. 

• SIP Presence Services sends a subscribed packet to authorize internal roster 
subscription. 

• XMPP Roster is updated from pending to FROM. 

• OCS Gateway receives subscribed packet and creates a 200 OK response. 

• OCS Gateway sends 200 OK response to OCS Edge server through the SIP Proxy. 

• SIP Proxy receives 200 OK response and forwards to OCS Edge on an existing 
connection. 

• OCS Gateway creates NOTIFY status pending empty body. 
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• OCS Gateway sends NOTIFY to OCS Edge through SIP Proxy. 

• SIP Proxy applies Outbound routing rules To OCS-domain From Presence Services- 
domain. 

• SIP Proxy resolves OCS-domain to the OCS Edge server. 

• SIP Proxy sends NOTIFY to the OCS Edge server. 

• Composite presence of Aura user (subscriber) is generated for the OCS user. 

• Composite presence sent to OCS Gateway. 

• OCS gateway applies composite presence mapping policy and maps the Aura user's 
overall presence. This is the first activities element in the composite PIDF's person 
element into a single tuple PIDF document. 

• OCS Gateway sends NOTIFY to the OCS user through a SIP Proxy, as per outbound 
proxy configured in OCS Gateway. 

• SIP Proxy receives NOTIFY and applies routing rule: To OCS-domain From Presence 
Services-domain and routes request to OCS edge. 

• OCS Edge resolves the NOTIFY and forward to the OCS server of the user. 

• OCS server delivers presence to the MOC/Lync client of the user. 

Internally, the SIP SUBSCRIBE for presence from OCS is managed as an XMPP Roster 
subscription, which is a permanent subscription. This remains extant until the subscription is 
explicitly removed, for example, a SIP SUBSCRIBE with a value, expires = 0. This value is 
translated internally to unsubscribe the request, and the XMPP roster subscription of the OCS 
user is removed. 

O Note: 

The presence NOTIFY from the OCS Gateway is routed through the SIP Proxy. Ordinarily, 
this does not happen, but for the OCS Gateway, the outbound proxy configuration is set to 
create a next hop node as the SIP Proxy. An Aura SIP client is informed about a pending 
subscription through a watcher information notification. The authorization of the subscription 
is performed by sending a SIP PUBLISH on the presence.wauth package. 

Avaya Aura® user is logged on the XMPP 1XC-H323 client 

• MOC user adds a presence handle of an Avaya Aura® user to the buddy list. The handle 
contains the Presence Services domain. 

• OCS server sends SIP SUBSCRIBE from an OCS user to the presence handle of the 
Avaya Aura® user. 

• DNS resolution routes the SIP SUBSCRIBE to OCS Edge server. 

• OCS Edge server resolves the Presence Services domain to the Presence server host. 

• OCS Edge sends SIP SUBSCRIBE to the Presence server (SIP Proxy). 

• SIP Proxy authenticates the OCS Edge server during the TLS session creation. 

• SIP Proxy receives SIP SUBSCRIBE from OCS-domain to Presence Services-domain. 

• SIP Proxy applies routing rules and forwards SIP SUBSCRIBE to OCS Gateway. 
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• OCS Gateway sets up SIP session and sends 200 OK response. 

• OCS Gateway internalizes the SIP SUBSCRIBE to an internal XMPP subscribe. 

• Presence Services processes subscribe and sets up pending roster subscription. 

• Authorization Manager checks ACLs, but as the From address is not an Avaya Aura® 
user, Authorization Manager checks the Federation Domain configuration. Subscribe is 
treated as CONFIRM and requires explicit user authorization. 

• Presence Services sends XMPP subscribe packet to XMPP client of the Avaya Aura®. 

• Aura XMPP clients authorizes the subscribe sending an XMPP subscribed. 

• XMPP Roster is updated from pending to FROM. 

• OCS Gateway receives subscribed packet and creates a 200 OK response. 

• OCS Gateway sends 200 OK response to OCS Edge server through the SIP Proxy. 

• SIP Proxy receives 200 OK response and forwards to OCS Edge on an existing 
connection. 

• OCS Gateway creates NOTIFY status pending empty body. 

• OCS Gateway sends NOTIFY to OCS Edge through SIP Proxy. 

• SIP Proxy applies Outbound routing rules To OCS-domain From Presence Services- 
domain. 

• SIP Proxy resolves OCS-domain to the OCS Edge server. 

• SIP Proxy sends NOTIFY to the OCS Edge server. 

• Composite presence is generated for the OCS user. 

• Composite presence sent to OCS Gateway. 

• OCS Gateway applies composite presence mapping policy and maPresence Services 
Enterprise IM presence tuple to OCS PIDF. MaPresence Services highest priority tuple 
from composite PIDF. 

• OCS Gateway sends NOTIFY to the OCS user through a SIP Proxy, outbound proxy 
configured in OCS Gateway. 

• SIP Proxy receives NOTIFY and applies routing rule: To OCS-domain From Presence 
Services-domain and routes request to OCS edge. 

• OCS Edge resolves the NOTIFY and forward to the OCS server of the user. 

• OCS server delivers presence to the MOC client of the user. 

O Note: 

The main difference between this flow and the SIP flow is that the subscribe packet is 
delivered to the Avaya Aura® XMPP client to indicate a pending subscribe. In the SIP case, 
the watcher information informs the client about a pending subscription. 

Avaya Aura® user logged on a legacy phone 

The subscription remains pending. The subscription is not authorized until the user logs on 
another device which can support the explicit authorization of the pending subscription. 
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Initiating an IM conversation from Presence Services to the 
OCS server 

An Avaya Aura® user can initiate an IM conversation with another enterprise user by adding 
the user as a contact and then clicking on the IM icon on the Avaya Aura® client interface. This 
action renders the IM contact addresses for that contact user. If the system provisions an OCS 
handle for the Avaya Aura® user, then the system initiates an IM conversation using the OCS 
contact address. The flow of such an IM conversation is as follows: 

• Avaya Aura® user clicks on the IM icon of the contact user and then selects an OCS 
handle. 

• Avaya Aura® user types a message and presses Enter to send the message. 

• Avaya Aura® client sends XMPP message from an Avaya Aura® presence handle to an 
OCS handle. 

• Presence Services Connection Manager receives message and routes the message to 
the OCS Gateway. 

• OCS Gateway sets up a SIP session. 

• OCS Gateway sends an invite to an OCS user handle from the presence handle. 

• SIP Proxy receives an invite and applies outbound routing rule To OCS-domain From PS- 
domain. 

• SIP Proxy sends invite to the OCS Edge server. 

• The OCS Edge server resolves the OCS user address and sends an invite to the OCS 
server. 

• The OCS server sends an invite to the MOC/Lync client of an OCS user. 

• The system accepts an IM conversation and sends 200 OK response to OCS Gateway 
through the OCS Edge server and SIP Proxy. 

• OCS Gateway sends ACK to complete the offer/answer exchange. 

• The system converts XMPP IM message into SIP MESSAGE. 

• The system sends SIP MESSAGE to SIP Proxy. 

• SIP Proxy applies outbound routing rules and sends SIP MESSAGE to the OCS Edge 
server. 

• OCS Edge routes MESSAGE to the OCS server. 

• The OCS server delivers MESSAGE to MOC/Lync client. 
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Initiating an IM conversation from the OCS server to 
Presence Services 

A user on a MOC/Lync client can initiate an IM conversation with another Avaya Aura® user 
by using the presence handle of the Avaya Aura® user. 

• MOC/Lync user clicks the Avaya Aura® presence user handle on the buddy list. 

• MOC/Lync user types a message and presses Enter to send the message. 

• MOC/Lync client sends SIP INVITE from the OCS user handle to the presence user 
handle. 

• OCS Edge resolves the Presence Services domain to the Presence server host. 

• OCS Edge sends SIP INVITE to SIP Proxy. 

• SIP Proxy receives SIP INVITE and applies inbound routing rule To PS-domain From 
OCS-domain and sends SIP INVITE to OCS Gateway. 

• OCS Gateway creates SIP session and sends 200 OK to complete the dialog. 

• The OCS Edge server forwards ACK to SIP Proxy. 

• SIP Proxy receives ACK and applies inbound routing rule To PS-domain From OCS- 
domain and sends SIP ACK to OCS Gateway. 

• OCS Gateway receives ACK. 

• The OCS Edge server forwards SIP INFO with a typing status to SIP Proxy 

• SIP Proxy receives SIP INFO and applies inbound routing rule To PS-domain From OCS- 
domain and sends SIP INFO to OCS Gateway. 

• OCS Gateway receives SIP INFO. 

• OCS Gateway converts SIP INFO into XMPP message with chat state notification is 
composing. 

• OCS Gateway sends an XMPP message to an Avaya Aura® user XMPP IM session. 

• Presence Services Connection Manager forwards XMPP is composing message to the 
client of the Avaya Aura® user. 

• OCS Edge server forwards SIP MESSAGE to SIP Proxy. 

• SIP Proxy receives SIP MESSAGE and applies inbound routing rule To PS-domain From 
OCS-domain and sends SIP MESSAGE to OCS Gateway. 

• OCS Gateway receives SIP MESSAGE. 

• OCS Gateway converts the SIP MESSAGE to an XMPP message. 
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• OCS Gateway sends an XMPP IM message to the XMPP IM session of the Avaya Aura® 
user. 

• Presence Services Connection Manager forwards XMPP is composing message to the 
client of the Avaya Aura® user. 
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Appendix H: Configuration parameters and 

references 


SIP Proxy parameter reference 

Presence Services has different User Agent (UA) servers to handle different SIP packages. 
To avoid contention, the UAs bind to different ports. A local stateless SIP proxy provides a 
single SIP address into a Presence Services node. This local proxy takes incoming requests 
on standard SIP ports and send the request by proxy over the local host to the appropriate SIP 
UA. 

Given that the local proxy is the point of entry for all SIP requests into the Presence Services 
node, it can also perform the trusted host checks. The proxy communicates to other UAs 
through local host sockets so the local host is the UAs trusted host. Outbound requests from 
collectors like the RTC collector may use this local proxy. 

This section provides a reference for all of the parameters associated with the SIP Proxy 
component. The parameters are divided into subsections based on the configuration view in 
which the system displays them. 

Related topics: 

SIP Proxy basic parameters on page 321 
SIP Proxy intermediate parameters on page 323 
SIP Proxy advanced parameters on page 325 


SIP Proxy basic parameters 


Description 

This parameter figures in the Components area on the main page of Presence Services XCP 
Controller Web interface. It helps you distinguish between components of the same type when 
you have more than one configured components. You can change the description as 
needed. 
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Realm of the global configuration 

Enables to specify the primary servers realm if you configure a list of trusted TLS hosts on your 
primary XCP server. 


SIP proxy routing rules 

Enables to add routing rules for the SIP proxy. 


Default rule 

This option enables to use to handle SIP requests that do not meet any of the configured routing 
rules. 


Forward request 

Enables the system to forward SIP requests that do not meet any of the configured routing 
rules to specific hosts. 


Bounce request 

Enables the system to bounce SIP requests that do not meet any of the configured routing 
rules. 


Percentage of max memory to use for the SIP stack 

This memory is allocated when the SIP proxy system starts, so make sure that you have the 
memory available. 


Remote host configuration 


ID of the component to get this configuration from 

This parameter is specific to SIP gateways. If you already have a SIP Host configured for 
another gateway, you can enter the ID of the component here to use the same 
configuration. 


Local configuration 

Enables to configure a new SIP host. 
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Add a new SIP transport 

Enables to specify the type of transport protocol that the SIP clients are using. You can select 
the type of transport protocol as UDP, TCP, or TLS. 

Timeout for notify response to subscriptions with expires=0 (seconds) 

The number of seconds to wait before the system times out the response for a Presence 
request. 


SIP Proxy intermediate parameters 


Router outbound connection information 

Enables the Presence Services router to connect to the component. For example, if the 
component is running outside your firewall, using this option, the router can connect to the 
component safely rather than introducing security risks by letting the component connect to it. 
By default, components connect to the router using the routers Master Accept Port. 


Component IP 

The IP address or host name of the system on which the component is installed. 


Port 


The port that the component uses for communications. 


Password 

The password that the router uses to authenticate the component. 


Execute an external command 

Using this option, the router can start the component automatically. If you prefer to start the 
component from a command line, disable this option. 


Command line to run 

A default command runs the component automatically. You can modify it, if needed. 
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O Note: 

Do not use the -B argument with this component. Since the IPS logger is already a daemon 
process, its children must not be daemons. 

Do not redirect output, because all output to STDOUT and STDERR are redirected to /dev/ 

null. 


Hostnames for this component 

This option specifies the hosts for which this component handles packets. Specify a host filter 
only if you want the component to be externally addressable. For example, if you want clients 
and other components or programs to communicate with it. This is because the mod_disco 
module in JSM uses host filters to return the component as something that is discoverable. 


Host Filters 

The host names or IP addresses for which you want this component to handle packets. 
Separate each host name or address with a line break. 

Host filters must be host names, or IPv4 or IPv6 addresses. If you use an IP address, the 
packet address must also use this IP address. 


Outbound proxy 

You can ignore this option unless you are chaining SIP Proxy components. If you need to chain 
SIP proxies, contact technical Support. 


Proxy IP address 

The IP address of the system on which the SIP Proxy is running. 

Proxy port 

The SIP stack port being used by the proxy. This is the port of the transport the proxy is 
using. 

Proxy transport 

The type of transport being used by the SIP Proxy. 
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Component Logging (Jlog) 

Enables to configure filtered level loggers that log messages to syslog and to a stream (stderr 
or stdout). You can enable either or both the syslog and stream loggers. These parameters 
are displayed in the controller’s Intermediate and Advanced configuration views. 


SNMP Configuration 

Select this option if you want to configure SNMP for the component. 


Enable SNMP 

Leave this parameter set to Yes. 


SIP Proxy advanced parameters 


Runlevel 

The order in which this component shuts down. The runlevel must be an integer value greater 
than or equal to 0. Component shutdown is executed in reverse order of the specified runlevel; 
components with the highest level (typically 80) shut down first. 


O Note: 

Do not change the runlevel unless you know exactly what you are doing and understand the 
effects that changing it will have. The default runlevel is provided to help the system shut 
down as smoothly as possible, and is based on this component's dependencies upon other 
components. 


Timeout for shutdown 

The number of seconds that the server waits to receive acknowledgement from the component 
that the shutdown process has completed. If the component has not shut down by the time 
this time period has elapsed, the router leaves the process in its current state and continues 
shutting down other processes. 
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Component properties 

Number of packets buffered when component is down 

The number of packets bound for the component that must be buffered if the component goes 
down. 

Bounce error packets to stderr 

Enables the router to send warnings to stderr when the component is down. 


Router outbound connection information 

Buffer size in bytes for outgoing data 

The number of bytes the router must buffer when it sends information to the component. You 
may want to modify this element when working on performance enhancements. 

Buffer size in bytes for incoming data 

The number of bytes the router must buffer when it receives information from the component. 
You may want to modify this element when working on performance enhancements. 

Send keepalives 

Enables the router to send keep-alives to the component. The keep-alive helps prevent 
firewalls from dropping an unused connection to the component. If this option is set to No, 
keep-alives are disabled. 

Log the delivery of packets to this component 

Enables to log the data that the router delivers to the component. The information is logged to 
the loggers you set up during Presence Services Logger configuration (syslog, file, or stderr). 
Socket-level logging happens only at the debug level. 


Execute an external command 

Maximum interval in seconds to wait before restarting component 

The maximum number of seconds after which the router tries to restart the component. If the 
component goes down, the router tries to restart it after 1 second. If the component does not 
start, the router multiplies the wait time by 1.5, and tries again. Once the maximum time interval 
that you specify for this parameter is reached, the router continues to retry after waiting this 
amount of time. 

Maximum number of times to restart component 

The total number of restarts allowed. The default setting, -1, means unlimited. 

Interval in seconds at which to reset this value to 1 second 

The number of seconds that the component has been up and running, after which to set the 
restart time back to 1 second. 
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Path to binary 

The directory path to the shell that launches the component. You can change the default setting 
if needed. 


SIP Proxy Tuning Parameters 

Server Connection Idle Timeout (seconds) 

The number of seconds of idle time after which the SIP Proxy connection closes. If you prefer, 
you can enter -1 to prevent the connection from ever timing out or 0 to timeout immediately 
after this component sends a final response to a SIP request. Setting the timeout to 0 is not 
recommended. 

Max TCP connections 

The maximum number of active TCP connections allowed at one time. 

Max TLS sessions 

The maximum number of active TLS sessions allowed at one time. 

Thread count for SIP processing 

The number of threads you want to use for SIP processing. 

Interval to wait for SIP dialogs to shutdown cleanly before exiting the application 

The number of seconds to wait for SIP dialogs to shut down before the SIP Proxy stops. 

Maximum SIP subscription duration (seconds) 

The maximum number of seconds after which SIP subscriptions refresh. The Presence server 
negotiates with the SIP host within the range created by this value and the minimum value. 

Default SIP subscription duration (seconds) 

The default number of seconds after which SIP subscriptions refresh. 

Minimum SIP subscription duration (seconds) 

The minimum number of seconds after which SIP subscriptions refresh. The Presence server 
negotiates with the SIP host within the range created by this value and the maximum value. 

Maximum SIP publish duration (seconds) 

The maximum number of seconds after which SIP publishes refresh. The Presence server 
negotiates with the SIP host within the range created by this value and the minimum value. 

Default SIP publish duration (seconds) 

The default number of seconds after which SIP publishes refresh. 

Minimum SIP publish duration (seconds) 

The minimum number of seconds after which SIP publishes refresh. The Presence server 
negotiates with the SIP host within the range created by this value and the maximum value. 

Send/Receive buffer size (bytes) 

The number of bytes in the buffer that is used to send and receive SIP messages. The buffer 
must be large enough to hold the largest SIP Notify message and the largest pidf Presence 
body that you plan to support. 
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TLS connection strict checking of hostname 

Enables the XCP server to verify that the name of the host making the TLS connection matches 
the host name that is in the certificate from that TLS connection. 

Expiration for a DNS Cache entry (seconds) 

The number of seconds that the XCP server caches the Presence server hosts DNS entry. 

Enable logging of SIP packets 

Enables to debug logging of SIP packets is enabled. 

A Caution: 

Activating this option can severely slow down the Presence servers performance 

Enable full SIP stack logging 

Enables to debug logging of the SIP stack is enabled. 

A Caution: 

Activating this option can severely slow down the Presence servers performance. 


Component Logging (Jlog) 

Add a new custom logger 

If you create a custom logger for logging component information using the libjcore library, click 
Go to access the Custom Logger Configuration page. 


SNMP Configuration 

Count errors 

Enables SNMP error counting. 

O Note: 

This option takes a great deal of server resource. Therefore, use it with caution. 
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Appendix I 


Presence Services cluster 
solution overview 


A sample installation 

The context for deploying a multi-node is a geographically dispersed installation environment, 
where each of the Presence server nodes is “homed” on a separate subnet. This is shown in 
sample the deployment figure. The objective of a Presence Services cluster installation is to 
support the scaling of the user base. Presence Services does not support high availability (HA). 
The installation of a Presence Services cluster is similar to installing a series of separate 
Presence Services on each of the sever nodes deployed in a cluster. During an installation the 
admin user selects a load balancing install option and specifies the cluster name for the 
installation. Additional information such as defining the realm for a node, JSM modules in the 
cluster, and local JSM for the installing node is provided to the installer. The user associated 
with this Presence Services installation is distributed across the Presence Services nodes of 
a cluster, based on the modulo N mapping algorithm. 
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Presence Services cluster solution overview 



Provisioning admin JID: 

cluster-pro v-nodel 
(5ipres.sdns.avaya.com 


PS nnln 1 

pr*s vd-i» «v«ry« cot 
R**irr pr«Mtnc*i 
IP Ailc|f«v.K 136 fV4 2 

Provisioning admin JID: 

cluster-prov-node3 
ipres.sdns.avaya.com 


PS node 2 

Domnin |>fnn.ndrtn /ivu/n ,ro»r 
R**lrr: oc»»»’sc*2 
IF* Ack|r*ip 13b.64.22.1 ^2 


Provisioning admin JID: 

cluster-prov-node2 
@p res. sdns.avaya.com 


Verifying the post-installation cluster configuration 

About this task 

When a Presence Services cluster is not functional, do the following on each node within the 

cluster: 

Procedure 

1. Modify the JSM presence administrator list in the JSM component configuration. 

2. Check the /opt/Avaya/Presence/jabber/xcp/etc/jsm-1 .xml file, to make sure that the 
Presence Services administrator list is updated correctly. 

For example, in the sample setup, the admin section for nodel must look like this: 
<admins xmlns="http://www.jabber.com/config/jsm"> 
<admin>jabber@presence.ca.avaya.com</admin> 

<admin>sip-ps-1 .presencel </admin> 

<admin>sip-bulksub-1 .presencel </admin> 

<admin>cm-2_s2scp-1 .presencel </admin> 
<admin>presence.ca.avaya.com</admin> 
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Verifying the post-installation cluster configuration 


<admin>authzAdmin@presence.ca.avaya.com</admin> 

<admin>cluster-prov-node1@presence.ca.avaya.com</admin> 

<admin>provisioning.presence1</admin> 

<admin>cluster-prov-node2@presence.ca.avaya.com</admin> 

<admin>provisioning.presence2</admin> 

<admin>cluster-prov-node3@presence.ca.avaya.com</admin> 

<admin>provisioning.presence3</admin> 

</admins> 

3. Modify the provisioning admin JID in the presence container component 
configuration. 

4. Check that the provisioning admin JID is created accordingly on each of the nodes 
within the cluster. 

For example, in the sample setup, node2 Presence servershould have cluster-prov- 
node2@presence.ca.avaya.com created through the following checking method: 

[root@weik-vm2-ps craft]# psql -U postgres -d xcp -c "select userjd, jid from users" 

userjd | jid 


10003 | 7002@presence.ca.avaya.com 

10004 | 5652@presence.ca.avaya.com 

10006 | 5001@presence.ca.avaya.com 

10007 | 5650@presence.ca.avaya.com 

10008 | 5006@presence.ca.avaya.com 

10009 | 5511@presence.ca.avaya.com 

10010 | 7000@presence.ca.avaya.com 
10012 | testd@presence.ca.avaya.com 

10104 | cluster-prov-node2@presence.ca.avaya.com 
10002 | sip_bulk_sub@jsm-1.presence2 

5. Verify the configuration of a Single Domain Name Support component. 

6. Verify that the Router to Router component is enabled and configured. 

7. If the endpoint users still do not have the correct present status, do the following: 

Ensure that each endpoint user created through System Manager is distributed 
across the Presence Services nodes of a cluster, based on a “modulo N mapping 
algorithm”, and hosted on a particular Presence Services cluster node. For 
example, user with login name, 5802@ca.avaya.com created through System 
Manager is distributed to node 3 in the sample setup, and could be verified using 
the following Command: [root@weik-vm3-ps craft]# psql -U postgres -d 
xcp -c "select user id, jid from users" 10207 
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Presence Services cluster solution overview 


5802@presence.ca.avaya.com 10208 | 5804@presence.ca.avaya.com 

10209 | 5800@presence.ca.avaya.com . 


Next steps 

If an endpoint user created from System Manager does not have a corresponding JID created 
on any of the nodes within a Presence Services cluster, the Presence Services feature does 
not work. 

If you do not have a JID, do the following: 

1. Create new endpoint users from System Manager after the successful Presence 
Services set up. 

2. Ensure that each node within the cluster is the Synchronized state with System 
Manager. A sample screen capture from System Manager Replication page shows 
all of the three nodes of the Presence Services cluster (weik-vml-ps.ca.avaya.com, 
weik-vm2-ps.ca.avaya.com, weik-vm3-ps.ca.avaya.com) in the Synchronized 
state. 


AVAyA Avaya Aura'System Manager 6.2 



3. Restart the services for Presence Services 

4. Restart each Presence Services node within the cluster individually. 

5. Delete user entries within xcp users table. To do so, perform the following: 

a. Log in to Presence Services as a root user and enter the following 
command, root@weik-vm1-ps SP5-1203]# psql -U postgres -d xcp -c 
"delete from users" DELETE 95 

b. Stop Presence Services and then restart Presence Services. 
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Appendix J: Known Issue - Configuring 

Presence Server as the 
Exchange Server URL in the 
XCP configuration 


If the Presence Server itself is configured as the Exchange Server URI in the XCP configuration, this has 
a significant negative impact on Exchange Collector performance. The expected behavior, on configuring 
an invalid URL, is for the autodiscovery service to be called for each mailbox and subsequent refresh 
periods will flush out the invalid URL when it eventually is deemed to have no mailboxes associated with 
it. This is the actual behavior for invalid URL’s other than the localhost. When ‘localhost’, ‘127.0.0.T or 
‘<Presence Server IP>’ is specified in the Exchange Server URI, the web service call hangs on every 
second or third request and the length of time for which it hangs increases each time. The impact of this 
issue is that it would take a considerable length of time for the Collector to autodiscover the valid URL for 
all mailboxes. 
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Glossary 


Avaya SIP 

Enablement 

Services 

Fully Qualified 
Domain Name 


OCS Gateway 


Presence server 


Presence Services 


Solution Element 
(SE) 

System Manager 


XMPP Server 


CAM 


Avaya servers running SIP Enablement Services perform proxy, 
registration, and redirection functions associated with SIP applications. 


The complete domain name for a specific host computer on the Internet. 
Fully Qualified Domain Name (FQDN) consists of the host name and the 
domain name, which includes the top-level domain. Every Web server 
requires a Domain Name System (DNS) server to translate FQDNs to IP 
addresses. 

OCS Gateway provides federation capability between the Presence 
Server and an OCS server, to enable peer-to-peer presence and IM 
between clients connected to Presence Server and Microsoft Office 
Communicator. 

Presence server collects presence information from various sources, 
such as Application Enablement Services (AES), Microsoft Office™ 
Communicator Server (OCS), and extensible Messaging and Presence 
Protocol (XMPP) Server for presentities retrieved from User Data Store 
and distributes the presence of a given class, such as phone and 
enterprise IM users. 

Presence Services is a single point of presence collection. It supports 
presence information gathering from a diverse range of sources. This 
information is aggregated on a per user basis, and then made available 
to presence aware applications. 

Avaya assigns a Solution Element ID (SE ID) and Product ID to each 
SAL Gateway. 

System Manager is a central management system that delivers a set of 
shared management services and a common console for System 
Manager and its components. 

An XMPP server that is used as a Presence source should be capable 
of handling large rosters. 

Avaya one-X® Agent Central Management is an optional Web-based 
solution that Avaya one-X® Agent customers can deploy based on their 
management requirement. It manages the operation for contact centers 
running Avaya one-X® Agent and provides the ability to manage all Avaya 
one-X® Agent features. 
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The SIP Bulk Subscription Server 


The SIP Bulk 
Subscription 

Server 

Supports bulk distribution of presence so that the transfer of presence 
information between Presence Services and LPS is efficient. 

Local Presence 

Services (LPS) 

Presence aware applications may use the Local Presence Services 
(LPS) to subscribe to Presence Services. Presence Services uses LPS 
to efficiently transfer presence information between the Presence 
Services server and the application servers. 

Presence Services 

Core extensible 
Communication 

Platform (XCP) 
server 

Maintains a list of presence fragments for a given presentity and performs 
composition of these fragments. The Core XCP is the conduit between 
the collectors and distributors of presence information in the system. 
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